NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/xserver_xorg-server: security bump to version 1.20.14

Browse Source 
Fixes the following vulnerabilities:

* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
  access

  The handler for the CompositeGlyphs request of the Render extension does
  not properly validate the request length leading to out of bounds memory
  write.

* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
  access

  The handler for the CreatePointerBarrier request of the XFixes extension
  does not properly validate the request length leading to out of bounds
  memory write.

* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access

  The handler for the Suspend request of the Screen Saver extension does not
  properly validate the request length leading to out of bounds memory
  write.

* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access

  The handlers for the RecordCreateContext and RecordRegisterClients
  requests of the Record extension do not properly validate the request
  length leading to out of bounds memory write.

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2022-01-22 17:50:12 +01:00
parent a4a84a9aa9
commit ff1cd8a275
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
View File

@ -1,6 +1,6 @@
# From https://lists.x.org/archives/xorg-announce/2021-July/003100.html
sha256 40aa4e96a56a81a301f15a9b10e06a22700f12b42d9e0e453c7f11d354386300 xorg-server-1.20.13.tar.xz
sha512 4e0b7bd4e070dc52cb2c51c2056feb133de2c0487d359392ed63abba9702910cd2e2983e9415973d8d6e9672eac78be6f39202687fc56610877914ce722554b3 xorg-server-1.20.13.tar.xz
# From https://lists.x.org/archives/xorg-announce/2021-December/003124.html
sha256 5cc5b70b9be89443e2594b93656c60bd5e82cd7f01deb4ce4faf81dcf546a16b xorg-server-1.20.14.tar.xz
sha512 be3dc32cce7d55d7e38c5f6557027f13f39224c76cc83e5800555d5ce89dbdc3731773a2d186a5b97db9fc8731a2b2dd6e9829af2b01ee2559246d4aef7c4963 xorg-server-1.20.14.tar.xz
# Locally calculated
sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f COPYING

2
package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
XSERVER_XORG_SERVER_VERSION = 1.20.13
XSERVER_XORG_SERVER_VERSION = 1.20.14
XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz
XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
XSERVER_XORG_SERVER_LICENSE = MIT