X.Org Security Advisory: Protocol handling issues in X Window System client libraries
Description:
Ilja van Sprundel, a security researcher with IOActive, has discovered
a large number of issues in the way various X client libraries handle
the responses they receive from servers, and has worked with X.Org’s
security team to analyze, confirm, and fix these issues.
Most of these issues stem from the client libraries trusting the
server to send correct protocol data, and not verifying that the
values will not overflow or cause other damage. Most of the time X
clients & servers are run by the same user, with the server more
privileged than the clients, so this is not a problem, but there are
scenarios in which a privileged client can be connected to an
unprivileged server, for instance, connecting a setuid X client (such
as a screen lock program) to a virtual X server (such as Xvfb or
Xephyr) which the user has modified to return invalid data,
potentially allowing the user to escalate their privileges.
The X.Org security team would like to take this opportunity to remind
X client authors that current best practices suggest separating code
that requires privileges from the GUI, to reduce the attack surface of
issues like this.
The vulnerabilities include:
- integer overflows calculating memory needs for replies
These calls do not check that their calculations for how much memory
is needed to handle the returned data have not overflowed, so can
result in allocating too little memory and then writing the returned
data past the end of the allocated buffer.
* CVE-2013-1981: libX11 1.5.99.901 (1.6 RC1) and earlier
Affected functions: XQueryFont(), _XF86BigfontQueryFont(),
XListFontsWithInfo(), XGetMotionEvents(), XListHosts(),
XGetModifierMapping(), XGetPointerMapping(), XGetKeyboardMapping(),
XGetWindowProperty(), XGetImage()
* CVE-2013-1982: libXext 1.3.1 and earlier
Affected functions: XcupGetReservedColormapEntries(),
XcupStoreColors(), XdbeGetVisualInfo(), XeviGetVisualInfo(),
XShapeGetRectangles(), XSyncListSystemCounters()
* CVE-2013-1983: libXfixes 5.0 and earlier
Affected functions: XFixesGetCursorImage()
* CVE-2013-1984: libXi 1.7.1 and earlier
Affected functions: XGetDeviceControl(), XGetFeedbackControl(),
XGetDeviceDontPropagateList(), XGetDeviceMotionEvents(),
XIGetProperty(), XIGetSelectedEvents(), XGetDeviceProperties(),
XListInputDevices()
* CVE-2013-1985: libXinerama 1.1.2 and earlier
Affected functions: XineramaQueryScreens()
* CVE-2013-2062: libXp 1.0.1 and earlier
Affected functions: XpGetAttributes(), XpGetOneAttribute(),
XpGetPrinterList(), XpQueryScreens()
* CVE-2013-1986: libXrandr 1.4.0 and earlier
Affected functions: XRRQueryOutputProperty(),
XRRQueryProviderProperty()
[XRRQueryProviderProperty() was introduced in libXrandr 1.4.0 and is
not found in 1.3.2 and older releases.]
* CVE-2013-1987: libXrender 0.9.7 and earlier
Affected functions: XRenderQueryFilters(), XRenderQueryFormats(),
XRenderQueryPictIndexValues()
* CVE-2013-1988: libXRes 1.0.6 and earlier
Affected functions: XResQueryClients(), XResQueryClientResources()
* CVE-2013-2063: libXtst 1.2.1 and earlier
Affected functions: XRecordGetContext()
* CVE-2013-1989: libXv 1.0.7 and earlier
Affected functions: XvQueryPortAttributes(), XvListImageFormats(),
XvCreateImage()
* CVE-2013-1990: libXvMC 1.0.7 and earlier
Affected functions: XvMCListSurfaceTypes(), XvMCListSubpictureTypes()
* CVE-2013-1991: libXxf86dga 1.1.3 and earlier
Affected functions: XDGAQueryModes(), XDGASetMode()
* CVE-2013-1992: libdmx 1.1.2 and earlier
Affected functions: DMXGetScreenAttributes(),
DMXGetWindowAttributes(), DMXGetInputAttributes()
* CVE-2013-2064: libxcb 1.9 and earlier
Affected functions: read_packet()
* CVE-2013-1993: libGLX in Mesa 9.1.1 and earlier
Affected functions: XF86DRIOpenConnection(),
XF86DRIGetClientDriverName()
* CVE-2013-1994: libchromeXvMC & libchromeXvMCPro in openChrome 0.3.2
and earlier
Affected functions: uniDRIOpenConnection(), uniDRIGetClientDriverName()
- sign extension issues calculating memory needs for replies
These calls do not check that their calculations for how much memory
is needed to handle the returned data have not had sign extension
issues when converting smaller integer types to larger ones, leading
to negative numbers being used in memory size calculations that can
result in allocating too little memory and then writing the returned
data past the end of the allocated buffer.
* CVE-2013-1995: libXi 1.7.1 and earlier
Affected functions: XListInputDevices()
* CVE-2013-1996: libFS 1.0.4 and earlier
Affected functions: FSOpenServer()
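The two categories above (integer overflow and sign extension when
sizing memory for a reply) are illustrated by the following C example,
which is added here and is not code from X.Org or from any of the
libraries listed. The reply layout, ITEM_SIZE, HDR_SIZE and every
function name are hypothetical, and the payload is constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ITEM_SIZE 8u   /* bytes per record in this constructed reply format */
#define HDR_SIZE  32   /* fixed header bytes preceding a variable-length name */

/* Unchecked pattern: 32-bit multiply of a server-supplied count wraps. */
static uint32_t naive_alloc_size(uint32_t nitems)
{
    return nitems * ITEM_SIZE;          /* 0x20000001 * 8 wraps to 8 */
}

/* Unchecked pattern: a signed 16-bit wire field is sign-extended to int,
 * so a negative length shrinks the allocation below the header size. */
static int naive_name_alloc(int16_t name_len)
{
    return HDR_SIZE + name_len;         /* name_len = -24 gives 8 */
}

/* Checked: reject counts whose product overflows or exceeds what was
 * actually received (avail = payload bytes read from the connection). */
static int checked_alloc_size(uint32_t nitems, size_t avail, size_t *out)
{
    if (nitems > INT_MAX / ITEM_SIZE)
        return -1;
    size_t need = (size_t)nitems * ITEM_SIZE;
    if (need > avail)
        return -1;
    *out = need;
    return 0;
}

/* Checked: refuse negative lengths before any widening arithmetic. */
static int checked_name_alloc(int16_t name_len, size_t *out)
{
    if (name_len < 0)
        return -1;
    *out = (size_t)HDR_SIZE + (size_t)name_len;
    return 0;
}

/* Copy nitems records out of a reply payload; NULL if the reply is bogus. */
static void *read_items(const uint8_t *payload, size_t avail,
                        uint32_t nitems, size_t *out_len)
{
    size_t need;
    if (checked_alloc_size(nitems, avail, &need) != 0)
        return NULL;
    void *buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, payload, need);
    *out_len = need;
    return buf;
}

int main(void)
{
    uint8_t payload[32] = {0};          /* constructed sample payload */
    size_t len = 0, n = 0;
    void *ok = read_items(payload, sizeof payload, 4, &len);
    void *bad = read_items(payload, sizeof payload, 0x20000001u, &len);
    printf("naive sizes: %u and %d\n", naive_alloc_size(0x20000001u),
           naive_name_alloc(-24));
    printf("checked: ok=%s bad=%s name=%d\n", ok ? "copied" : "rejected",
           bad ? "copied" : "rejected", checked_name_alloc(-24, &n));
    free(ok);
    free(bad);
    return 0;
}
```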
- buffer overflows due to not validating length or offset values in replies
These calls do not check that the lengths and/or indexes returned by
the server are within the bounds specified by the caller or the bounds
of the memory allocated by the function, so could write past the
bounds of allocated memory when storing the returned data.
* CVE-2013-1997: libX11 1.5.99.901 (1.6 RC1) and earlier
Affected functions: XAllocColorCells(), _XkbReadGetDeviceInfoReply(),
_XkbReadGeomShapes(), _XkbReadGetGeometryReply(), _XkbReadKeySyms(),
_XkbReadKeyActions(), _XkbReadKeyBehaviors(), _XkbReadModifierMap(),
_XkbReadExplicitComponents(), _XkbReadVirtualModMap(),
_XkbReadGetNamesReply(), _XkbReadGetMapReply(), _XimXGetReadData(),
XListFonts(), XListExtensions(), XGetFontPath()
* CVE-2013-1998: libXi 1.7.1 and earlier
Affected functions: XGetDeviceButtonMapping(),
_XIPassiveGrabDevice(), XQueryDeviceState()
* CVE-2013-2066: libXv 1.0.7 and earlier
Affected functions: XvQueryPortAttributes()
* CVE-2013-1999: libXvMC 1.0.7 and earlier
Affected functions: XvMCGetDRInfo()
* CVE-2013-2000: libXxf86dga 1.1.3 and earlier
Affected functions: XDGAQueryModes(), XDGASetMode()
* CVE-2013-2001: libXxf86vm 1.1.2 and earlier
Affected functions: XF86VidModeGetGammaRamp()
* CVE-2013-2002: libXt 1.1.3 and earlier
Affected functions: _XtResourceConfigurationEH()
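For the length and offset validation described in this category, the
following C example is added here; it is not code from X.Org or from
the libraries listed. It checks a server-supplied index range against a
fixed client-side table and a server-supplied count against a
caller-supplied buffer. TABLE_LEN and all function names are
hypothetical, and the payload bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 256u   /* size of the client-side table in this example */

/* Naive bound check: the sum itself wraps in 32-bit arithmetic, so
 * first = 0xFFFFFFF0 with count = 0x20 gives 0x10 and is accepted. */
static int naive_range_ok(uint32_t first, uint32_t count)
{
    return first + count <= TABLE_LEN;
}

/* Overflow-safe form: compare against the remaining room, never add. */
static int range_ok(uint32_t first, uint32_t count)
{
    return first <= TABLE_LEN && count <= TABLE_LEN - first;
}

/* Store count bytes from the reply at table[first..]. Returns -1 if the
 * range leaves the table or the reply is shorter than it claims. */
static int store_range(uint8_t table[TABLE_LEN], uint32_t first,
                       uint32_t count, const uint8_t *payload,
                       size_t payload_len)
{
    if (!range_ok(first, count))
        return -1;
    if (count > payload_len)
        return -1;
    memcpy(table + first, payload, count);
    return 0;
}

/* The caller's buffer holds cap entries but the server reports n.
 * Copy no more than cap (and no more than was received); return the
 * number of entries actually stored. */
static uint32_t copy_bounded(uint8_t *dst, uint32_t cap,
                             const uint8_t *payload, size_t payload_len,
                             uint32_t n)
{
    uint32_t take = n < cap ? n : cap;
    if (take > payload_len)
        take = (uint32_t)payload_len;
    memcpy(dst, payload, take);
    return take;
}

int main(void)
{
    uint8_t table[TABLE_LEN] = {0};
    uint8_t payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed */
    uint8_t dst[4] = {0};

    printf("wrapping range: naive=%d safe=%d\n",
           naive_range_ok(0xFFFFFFF0u, 0x20u), range_ok(0xFFFFFFF0u, 0x20u));
    printf("store 250+6: %d, store 250+7: %d\n",
           store_range(table, 250, 6, payload, sizeof payload),
           store_range(table, 250, 7, payload, sizeof payload));
    printf("server claims 200 entries, stored %u\n",
           copy_bounded(dst, 4, payload, sizeof payload, 200));
    return 0;
}
```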
- integer overflows parsing user-specified files
These calls do not check that their calculations for how much memory
is needed to handle the data being read have not overflowed, so can
result in allocating too little memory and then writing the returned
data past the end of the allocated buffer.
* CVE-2013-1981: libX11 1.5.99.901 (1.6 RC1) and earlier
Affected functions: LoadColornameDB(), XrmGetFileDatabase(),
_XimParseStringFile(), TransFileName()
* CVE-2013-2003: libXcursor 1.1.13 and earlier
Affected functions: _XcursorFileHeaderCreate()
- unbounded recursion parsing user-specified files
These calls read in files and handle C-style ‘#include’ directives
to include other files, and have no limit for how many levels deep
they will go, including allowing files to #include themselves, until
the stack overflows from the recursive function calling patterns.
* CVE-2013-2004: libX11 1.5.99.901 (1.6 RC1) and earlier
Affected functions: GetDatabase(), _XimParseStringFile()
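A depth limit on '#include' handling, as an added C example that is
not code from libX11 or from X.Org. The file format, the in-memory
file table, MAX_INCLUDE_DEPTH and the function names are all
hypothetical; the sample files are constructed, and one of them
includes itself.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INCLUDE_DEPTH 16   /* hypothetical limit chosen for this example */

struct mem_file { const char *name; const char *text; };

/* Constructed in-memory "files" so the example runs without touching disk. */
static const struct mem_file files[] = {
    { "app.db",    "a: 1\n#include \"common.db\"\nb: 2\n" },
    { "common.db", "c: 3\n" },
    { "loop.db",   "x: 1\n#include \"loop.db\"\n" },   /* includes itself */
};

static const char *lookup(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        if (strlen(files[i].name) == len &&
            memcmp(files[i].name, name, len) == 0)
            return files[i].text;
    return NULL;
}

/* Returns the number of resource lines loaded, or -1 if a file is missing
 * or the #include nesting goes deeper than MAX_INCLUDE_DEPTH. */
static int load_db(const char *name, size_t name_len, int depth)
{
    static const char inc[] = "#include \"";
    const size_t inc_len = sizeof inc - 1;

    if (depth > MAX_INCLUDE_DEPTH)      /* stops self-inclusion and cycles */
        return -1;
    const char *p = lookup(name, name_len);
    if (p == NULL)
        return -1;

    int count = 0;
    while (*p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > inc_len && memcmp(p, inc, inc_len) == 0 &&
            p[len - 1] == '"') {
            /* Name sits between the quotes; recurse one level deeper. */
            int n = load_db(p + inc_len, len - inc_len - 1, depth + 1);
            if (n < 0)
                return -1;
            count += n;
        } else if (len > 0) {
            count++;
        }
        p += len + (eol ? 1 : 0);
    }
    return count;
}

int main(void)
{
    printf("app.db  -> %d lines\n", load_db("app.db", 6, 0));
    printf("loop.db -> %d (rejected)\n", load_db("loop.db", 7, 0));
    return 0;
}
```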
- memory corruption due to unchecked return values
These calls assume that pointers are properly initialized by the
XGetWindowProperty() function and don’t check for failure of the
function to return a valid window property, which can lead to
use of uninitialized pointers for reading, writing, or passing to
functions such as free(). XGetWindowProperty() in libX11 1.5.99.901
(1.6 RC1) and earlier did not ensure returned pointers were initialized
to NULL when returning a failure (this is fixed in libX11 1.5.99.902
and later).
* CVE-2013-2005: libXt 1.1.3 and earlier
Affected functions: ReqCleanup(), HandleSelectionEvents(),
ReqTimedOut(), HandleNormal(), HandleSelectionReplies()
Affected Versions
X.Org believes all prior versions of these libraries contain these
flaws, dating back to their introduction.
Versions of the X libraries built on top of the Xlib bridge to the XCB
framework are vulnerable to fewer issues than those without, due to
the added safety and consistency assertions in the XCB calls to read
data from the network, but most of these vulnerabilities are not
caught by those checks.
Fixes
Fixes are available in git commits and patches which will be listed
on http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
when this advisory is released.
Fixes will also be included in these module releases from X.Org:
libX11 1.5.99.902 (1.6 RC2)
libXcursor 1.1.14
libXext 1.3.2
libXfixes 5.0.1
libXi 1.7.2
libXinerama 1.1.3
libXp 1.0.2
libXrandr 1.4.1
libXrender 0.9.8
libXRes 1.0.7
libXv 1.0.8
libXvMC 1.0.8
libXxf86dga 1.1.4
libXxf86vm 1.1.3
libdmx 1.1.3
libxcb 1.9.1
libFS 1.0.5
libXt 1.1.4
or releases to be determined from our sister projects:
xf86-video-openchrome OpenChrome project - http://www.openchrome.org/
Mesa Mesa3D project - http://www.mesa3d.org/
Thanks
X.Org thanks Ilja van Sprundel of IOActive for reporting these issues
to our security team and assisting them in understanding them and
evaluating our fixes, and Alan Coopersmith of Oracle for coordinating
the X.Org response and developing the fixes for these issues.
(from redmine: issue id 1931, created on 2013-05-23, closed on 2013-05-29)
- Relations:
- child #1932 (closed)
- child #1933 (closed)
- child #1934 (closed)
- child #1935 (closed)
- child #1936 (closed)
- child #1937 (closed)
- child #1938 (closed)
- child #1939 (closed)
- child #1940 (closed)
- child #1941 (closed)
- child #1942 (closed)
- child #1943 (closed)
- child #1944 (closed)
- child #1945 (closed)
- child #1946 (closed)
- child #1947 (closed)
- child #1948 (closed)
- child #1949 (closed)
- child #1950 (closed)
- child #1951 (closed)
- child #1952 (closed)
- child #1953 (closed)
- child #1954 (closed)
- child #1955 (closed)
- child #1956 (closed)
- child #1957 (closed)
- child #1958 (closed)
- child #1959 (closed)
- child #1960 (closed)
- child #1961 (closed)
- child #1962 (closed)
- child #1963 (closed)
- child #1964 (closed)
- child #1965 (closed)
- child #1966 (closed)
- child #1967 (closed)
- child #1968 (closed)
- child #1969 (closed)
- child #1970 (closed)
- child #1971 (closed)
- child #1972 (closed)
- child #1973 (closed)
- child #1974 (closed)
- child #1975 (closed)
- child #1976 (closed)
- child #1977 (closed)
- child #1978 (closed)
- child #1979 (closed)
- child #1980 (closed)
- child #1981 (closed)
- child #1982 (closed)
- child #1983 (closed)
- child #1984 (closed)
- child #1985 (closed)
- child #1986 (closed)
- child #1987 (closed)
- child #1988 (closed)
- child #1989 (closed)
- child #1990 (closed)
- child #1991 (closed)
- child #1992 (closed)
- child #1993 (closed)
- child #1994 (closed)
- child #1995 (closed)
- child #1996 (closed)
- child #1997 (closed)
- child #1998 (closed)
- child #1999 (closed)
- child #2013 (closed)
- child #2014 (closed)
- child #2015 (closed)
- child #2016 (closed)
- Changesets:
- Revision 682ed1fa by Natanael Copa on 2013-05-24T09:03:29Z:
main/libxcb: security fix (CVE-2013-2064)
ref #1931
- Revision 29cd7b42 by Natanael Copa on 2013-05-24T09:16:13Z:
main/libx11: upgrade to 1.5.99.902 (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
- Revision 1a41cbf7 by Natanael Copa on 2013-05-24T09:49:42Z:
main/libxcb: security fix (CVE-2013-2064)
ref #1931
fixes #1984
(cherry picked from commit 682ed1fa3f5d7338fff3b497e1b95d45b2481e79)
- Revision db1e74cf by Natanael Copa on 2013-05-24T09:54:03Z:
main/libx11: security fix (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
fixes #1932
- Revision b26655ea by Natanael Copa on 2013-05-24T10:11:41Z:
main/libxfixes: fix for CVE-2013-1983
ref #1931
- Revision 409cfad6 by Natanael Copa on 2013-05-24T10:15:43Z:
main/libxcb: security fix (CVE-2013-2064)
ref #1931
fixes #1985
- Revision de43558c by Natanael Copa on 2013-05-24T10:26:58Z:
main/libxrender: fix CVE-2013-1987
ref #1931
fixes #1960
- Revision 12fb9608 by Natanael Copa on 2013-05-24T10:32:13Z:
main/libxcursor: fix CVE-2013-2003
ref #1931
- Revision adf915bf by Natanael Copa on 2013-05-24T10:48:52Z:
main/libxext: fix CVE-2013-1982
ref #1931
- Revision 04adcbb8 by Natanael Copa on 2013-05-24T11:00:19Z:
main/libxi: fix CVE-2013-1984,CVE-2013-1995,CVE-2013-1998
ref #1931
- Revision 3e5921fa by Natanael Copa on 2013-05-24T11:04:59Z:
main/libxinerama: fix CVE-2013-1985
ref #1931
- Revision 596f7656 by Natanael Copa on 2013-05-24T11:10:15Z:
main/libxp: fix CVE-2013-2062
ref #1931
- Revision f4a1e4bf by Natanael Copa on 2013-05-24T11:16:48Z:
main/libxrandr: fix CVE-2013-1986
ref #1931
- Revision b262cf6c by Natanael Copa on 2013-05-24T11:23:39Z:
main/libxres: fix CVE-2013-1988
ref #1931
- Revision a04d1c8f by Natanael Copa on 2013-05-24T11:28:38Z:
main/libxv: fix CVE-2013-1989,CVE-2013-2066
ref #1931
- Revision dfac4cbe by Natanael Copa on 2013-05-24T11:35:12Z:
main/libxvmc: fix CVE-2013-1990,CVE-2013-1999
ref #1931
- Revision a632a133 by Natanael Copa on 2013-05-24T11:44:11Z:
main/libxxf86vm: fix CVE-2013-2001
ref #1931
- Revision decef4fe by Natanael Copa on 2013-05-24T11:48:42Z:
main/libxxf86dga: fix CVE-2013-1991,CVE-2013-2000
ref #1931
- Revision e6d9eccd by Natanael Copa on 2013-05-24T11:55:00Z:
main/libxt: fix CVE-2013-2002,CVE-2013-2005
ref #1931
- Revision eabb0f3c by Natanael Copa on 2013-05-24T14:53:08Z:
main/libxfixes: fix for CVE-2013-1983
ref #1931
fixes #1943
(cherry picked from commit b26655eaa38290e14b41bf0dd3645030445f42d7)
- Revision 65b25569 by Natanael Copa on 2013-05-24T14:54:52Z:
main/libxrender: fix CVE-2013-1987
ref #1931
fixes #1960
(cherry picked from commit de43558cd1904b59c2358a05514aea1d20fab1c2)
- Revision 2fb051ed by Natanael Copa on 2013-05-24T14:55:29Z:
main/libxcursor: fix CVE-2013-2003
ref #1931
fixes #1996
(cherry picked from commit 12fb9608ca0d7e1478f57863518a56e57fc759bc)
- Revision 7731c3ef by Natanael Copa on 2013-05-24T14:56:54Z:
main/libxext: fix CVE-2013-1982
ref #1931
fixes #1939
(cherry picked from commit adf915bf8b5c4ff1c07648f42cee8ab4d804dede)
- Revision 40b1d759 by Natanael Copa on 2013-05-24T14:57:25Z:
main/libxi: fix CVE-2013-1984,CVE-2013-1995,CVE-2013-1998
ref #1931
fixes #1944
(cherry picked from commit 04adcbb8d0e9999441ed2b2167b3dda47a0372c4)
- Revision 263493fe by Natanael Copa on 2013-05-24T14:57:58Z:
main/libxinerama: fix CVE-2013-1985
ref #1931
fixes #1948
(cherry picked from commit 3e5921fae9eef23dbc7c56b7905ccbf9de168cea)
- Revision 466e0a66 by Natanael Copa on 2013-05-24T14:58:26Z:
main/libxp: fix CVE-2013-2062
ref #1931
fixes #1952
(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
- Revision 48280616 by Natanael Copa on 2013-05-24T15:01:09Z:
main/libxrandr: fix CVE-2013-1986
ref #1931
fixes #1956
(cherry picked from commit f4a1e4bfe936b7b1c1364a8ebc769145f060ce25)
- Revision 2aa2f934 by Natanael Copa on 2013-05-24T15:02:04Z:
main/libxres: fix CVE-2013-1988
ref #1931
fixes #1964
(cherry picked from commit b262cf6c02f0e15dc88618b6a9e1298ace184057)
- Revision b4533b00 by Natanael Copa on 2013-05-24T15:02:45Z:
main/libxv: fix CVE-2013-1989,CVE-2013-2066
ref #1931
fixes #1972
(cherry picked from commit a04d1c8ff925273f3caf3a46393cf73ac2b96ab5)
- Revision 581ef7ae by Natanael Copa on 2013-05-24T15:06:58Z:
main/libxvmc: fix CVE-2013-1990,CVE-2013-1999
ref #1931
fixes #1976
(cherry picked from commit dfac4cbecc1c27d53504a0d9a80019146c9c9bfb)
- Revision fc76f7f8 by Natanael Copa on 2013-05-24T15:07:56Z:
main/libxxf86vm: fix CVE-2013-2001
ref #1931
fixes #1988
(cherry picked from commit a632a13327ab882c590bbae004b3be338edc14cf)
- Revision 7b2d548d by Natanael Copa on 2013-05-24T15:08:41Z:
main/libxxf86dga: fix CVE-2013-1991,CVE-2013-2000
ref #1931
fixes #1980
(cherry picked from commit decef4fe3c4a8fac3afe45c8beebfa95550484f7)
- Revision 900dfe0f by Natanael Copa on 2013-05-24T15:09:17Z:
main/libxt: fix CVE-2013-2002,CVE-2013-2005
ref #1931
fixes #1992
(cherry picked from commit e6d9eccdf7eeb94ed8fdd2cd4e7ebd51ed7fb04a)
- Revision d6759740 by Natanael Copa on 2013-05-24T15:18:32Z:
main/libx11: security fix (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
fixes #1933
(cherry picked from commit db1e74cf060eb177b9bd1f5ef787b90b19609c5b)
- Revision fa88d453 by Natanael Copa on 2013-05-24T15:19:07Z:
main/libxfixes: fix for CVE-2013-1983
ref #1931
fixes #1942
(cherry picked from commit b26655eaa38290e14b41bf0dd3645030445f42d7)
- Revision 4dbcef5e by Natanael Copa on 2013-05-24T15:19:48Z:
main/libxrender: fix CVE-2013-1987
ref #1931
fixes #1961
(cherry picked from commit de43558cd1904b59c2358a05514aea1d20fab1c2)
- Revision b870177a by Natanael Copa on 2013-05-24T15:20:26Z:
main/libxcursor: fix CVE-2013-2003
ref #1931
fixes #1997
(cherry picked from commit 12fb9608ca0d7e1478f57863518a56e57fc759bc)
- Revision 7a81be8a by Natanael Copa on 2013-05-24T15:25:08Z:
main/libxext: fix CVE-2013-1982
ref #1931
fixes #1938
(cherry picked from commit adf915bf8b5c4ff1c07648f42cee8ab4d804dede)
- Revision 15b6a406 by Natanael Copa on 2013-05-24T15:41:27Z:
main/libxi: security upgrade to 1.6.2.901 (CVE-2013-1984,CVE-2013-1995,CVE-2013-1998)
ref #1931
fixes #1945
- Revision ad1182c1 by Natanael Copa on 2013-05-24T15:49:27Z:
main/libxinerama: fix CVE-2013-1985
ref #1931
fixes #1949
(cherry picked from commit 3e5921fae9eef23dbc7c56b7905ccbf9de168cea)
- Revision 084e5c9a by Natanael Copa on 2013-05-24T15:50:02Z:
main/libxp: fix CVE-2013-2062
ref #1931
fixes #1953
(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
- Revision dfb6f713 by Natanael Copa on 2013-05-24T15:52:52Z:
main/libxrandr: fix CVE-2013-1986
ref #1931
fixes #1957
(cherry picked from commit f4a1e4bfe936b7b1c1364a8ebc769145f060ce25)
- Revision 466fbad7 by Natanael Copa on 2013-05-24T15:52:52Z:
main/libxres: fix CVE-2013-1988
ref #1931
fixes #1965
(cherry picked from commit b262cf6c02f0e15dc88618b6a9e1298ace184057)
- Revision 37cf490b by Natanael Copa on 2013-05-24T15:52:52Z:
main/libxv: fix CVE-2013-1989,CVE-2013-2066
ref #1931
fixes #1973
(cherry picked from commit a04d1c8ff925273f3caf3a46393cf73ac2b96ab5)
- Revision 6983ca56 by Natanael Copa on 2013-05-24T15:54:20Z:
main/libxvmc: fix CVE-2013-1990,CVE-2013-1999
ref #1931
fixes #1977
(cherry picked from commit dfac4cbecc1c27d53504a0d9a80019146c9c9bfb)
- Revision 96ea7ed3 by Natanael Copa on 2013-05-24T15:55:00Z:
main/libxxf86vm: fix CVE-2013-2001
ref #1931
fixes #1989
(cherry picked from commit a632a13327ab882c590bbae004b3be338edc14cf)
- Revision 234dad5c by Natanael Copa on 2013-05-24T15:55:33Z:
main/libxxf86dga: fix CVE-2013-1991,CVE-2013-2000
ref #1931
fixes #1981
(cherry picked from commit decef4fe3c4a8fac3afe45c8beebfa95550484f7)
- Revision 2d73a8ba by Natanael Copa on 2013-05-24T15:56:07Z:
main/libxt: fix CVE-2013-2002,CVE-2013-2005
ref #1931
fixes #1993
(cherry picked from commit e6d9eccdf7eeb94ed8fdd2cd4e7ebd51ed7fb04a)
- Revision 9688473a by Natanael Copa on 2013-05-24T16:03:44Z:
main/libxcb: security fix (CVE-2013-2064)
ref #1931
fixes #1986
(cherry picked from commit 682ed1fa3f5d7338fff3b497e1b95d45b2481e79)
Conflicts:
main/libxcb/APKBUILD
- Revision 2649f751 by Natanael Copa on 2013-05-24T16:08:10Z:
main/libx11: security fix (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
fixes #1934
(cherry picked from commit db1e74cf060eb177b9bd1f5ef787b90b19609c5b)
- Revision adad53cf by Natanael Copa on 2013-05-24T16:18:21Z:
main/libxfixes: fix for CVE-2013-1983
ref #1931
fixes #1941
(cherry picked from commit b26655eaa38290e14b41bf0dd3645030445f42d7)
- Revision 2ae1730c by Natanael Copa on 2013-05-24T16:19:03Z:
main/libxrender: fix CVE-2013-1987
ref #1931
fixes #1962
(cherry picked from commit de43558cd1904b59c2358a05514aea1d20fab1c2)
- Revision 99d3e572 by Natanael Copa on 2013-05-24T16:19:38Z:
main/libxcursor: fix CVE-2013-2003
ref #1931
fixes #1998
(cherry picked from commit 12fb9608ca0d7e1478f57863518a56e57fc759bc)
- Revision 24d0ce7a by Natanael Copa on 2013-05-24T16:21:13Z:
main/libxext: fix CVE-2013-1982
ref #1931
fixes #1937
(cherry picked from commit adf915bf8b5c4ff1c07648f42cee8ab4d804dede)
- Revision 12ae6c6d by Natanael Copa on 2013-05-24T16:24:02Z:
main/libxi: security upgrade to 1.6.2.901 (CVE-2013-1984,CVE-2013-1995,CVE-2013-1998)
ref #1931
fixes #1946
- Revision 33a1152b by Natanael Copa on 2013-05-24T16:25:02Z:
main/libxinerama: fix CVE-2013-1985
ref #1931
fixes #1950
(cherry picked from commit 3e5921fae9eef23dbc7c56b7905ccbf9de168cea)
- Revision 04fca744 by Natanael Copa on 2013-05-24T16:26:19Z:
main/libxp: fix CVE-2013-2062
ref #1931
fixes #1954
(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
- Revision 0df792b8 by Natanael Copa on 2013-05-24T16:39:02Z:
main/libxrandr: fix CVE-2013-1986
ref #1931
fixes #1958
- Revision 1953e418 by Natanael Copa on 2013-05-24T16:40:11Z:
main/libxres: fix CVE-2013-1988
ref #1931
fixes #1966
(cherry picked from commit b262cf6c02f0e15dc88618b6a9e1298ace184057)
- Revision 116a8d9c by Natanael Copa on 2013-05-24T16:40:51Z:
main/libxv: fix CVE-2013-1989,CVE-2013-2066
ref #1931
fixes #1974
(cherry picked from commit a04d1c8ff925273f3caf3a46393cf73ac2b96ab5)
- Revision 0ec2f93c by Natanael Copa on 2013-05-24T16:41:25Z:
main/libxvmc: fix CVE-2013-1990,CVE-2013-1999
ref #1931
fixes #1978
(cherry picked from commit dfac4cbecc1c27d53504a0d9a80019146c9c9bfb)
- Revision d5889b38 by Natanael Copa on 2013-05-24T16:42:00Z:
main/libxxf86vm: fix CVE-2013-2001
ref #1931
fixes #1990
(cherry picked from commit a632a13327ab882c590bbae004b3be338edc14cf)
- Revision 6e94674a by Natanael Copa on 2013-05-24T16:42:40Z:
main/libxxf86dga: fix CVE-2013-1991,CVE-2013-2000
ref #1931
fixes #1982
(cherry picked from commit decef4fe3c4a8fac3afe45c8beebfa95550484f7)
- Revision f7aaccfd by Natanael Copa on 2013-05-24T16:43:16Z:
main/libxt: fix CVE-2013-2002,CVE-2013-2005
ref #1931
fixes #1994
(cherry picked from commit e6d9eccdf7eeb94ed8fdd2cd4e7ebd51ed7fb04a)
- Revision bfa00153 by Natanael Copa on 2013-05-24T16:47:10Z:
main/libxcb: security fix (CVE-2013-2064)
ref #1931
fixes #1987
(cherry picked from commit 682ed1fa3f5d7338fff3b497e1b95d45b2481e79)
Conflicts:
main/libxcb/APKBUILD
(cherry picked from commit 9688473ac6aba4112f17501b088e2eb353ec56c2)
Conflicts:
main/libxcb/APKBUILD
- Revision bb827127 by Natanael Copa on 2013-05-24T16:59:25Z:
main/libx11: security fix (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
fixes #1935
- Revision 6211fb83 by Natanael Copa on 2013-05-27T15:59:54Z:
main/libxfixes: fix for CVE-2013-1983
ref #1931
fixes #1940
(cherry picked from commit adad53cfd12db1c1f98f8beafae12554e5a9a8f1)
- Revision b2f170f1 by Natanael Copa on 2013-05-27T16:06:46Z:
main/libxrender: fix CVE-2013-1987
ref #1931
fixes #1963
(cherry picked from commit 2ae1730c58fb4314514c31b87eaff8759f81d236)
Conflicts:
main/libxrender/APKBUILD
- Revision cb0cd770 by Natanael Copa on 2013-05-27T16:06:56Z:
main/libxcursor: fix CVE-2013-2003
ref #1931
fixes #1999
(cherry picked from commit 99d3e572056d735f20db0b6a80e86398462ee97b)
Conflicts:
main/libxcursor/APKBUILD
- Revision 25d30f94 by Natanael Copa on 2013-05-27T16:06:57Z:
main/libxext: fix CVE-2013-1982
ref #1931
fixes #1936
(cherry picked from commit adf915bf8b5c4ff1c07648f42cee8ab4d804dede)
(cherry picked from commit 24d0ce7a8c4c75342428d763b97a7f4e69b0a118)
Conflicts:
main/libxext/APKBUILD
- Revision daf9b293 by Natanael Copa on 2013-05-27T16:06:57Z:
main/libxi: fix CVE-2013-1984,CVE-2013-1995,CVE-2013-1998
ref #1931
fixes #1947
- Revision 98a1bfcf by Natanael Copa on 2013-05-27T16:06:57Z:
main/libxinerama: upgrade to 1.1.2 and fix CVE-2013-1985
ref #1931
fixes #1951
(cherry picked from commit 3e5921fae9eef23dbc7c56b7905ccbf9de168cea)
(cherry picked from commit 33a1152b1f5f134b0fe6439b0eaec2a46574b561)
Conflicts:
main/libxinerama/APKBUILD
- Revision 2010f65d by Natanael Copa on 2013-05-27T16:06:58Z:
main/libxp: fix CVE-2013-2062
ref #1931
fixes #1955
(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
(cherry picked from commit 04fca7445c2068e588b79b32e01639ef1a0de1b6)
- Revision 933231c9 by Natanael Copa on 2013-05-27T16:06:58Z:
main/libxrandr: fix CVE-2013-1986
ref #1931
fixes #1959
(cherry picked from commit 0df792b849962f1e9302b2405f6d846e414e27bc)
- Revision 5085262d by Natanael Copa on 2013-05-27T16:06:58Z:
main/libxres: fix CVE-2013-1988
ref #1931
fixes #1967
(cherry picked from commit b262cf6c02f0e15dc88618b6a9e1298ace184057)
(cherry picked from commit 1953e4184b10893c215af56b6968543717976d46)
Conflicts:
main/libxres/APKBUILD
- Revision 4b84d993 by Natanael Copa on 2013-05-27T16:06:58Z:
main/libxv: fix CVE-2013-1989,CVE-2013-2066
ref #1931
fixes #1975
(cherry picked from commit a04d1c8ff925273f3caf3a46393cf73ac2b96ab5)
(cherry picked from commit 116a8d9ca2f4a57fd5c27dc32f9d393d7ed3b48e)
Conflicts:
main/libxv/APKBUILD
- Revision 233e5746 by Natanael Copa on 2013-05-27T16:06:59Z:
main/libxvmc: fix CVE-2013-1990,CVE-2013-1999
ref #1931
fixes #1979
(cherry picked from commit dfac4cbecc1c27d53504a0d9a80019146c9c9bfb)
(cherry picked from commit 0ec2f93c9d72ee4b5af6481a370acbfcb426dc4e)
Conflicts:
main/libxvmc/APKBUILD
- Revision cc8d5025 by Natanael Copa on 2013-05-27T16:06:59Z:
main/libxxf86vm: fix CVE-2013-2001
ref #1931
fixes #1991
(cherry picked from commit a632a13327ab882c590bbae004b3be338edc14cf)
(cherry picked from commit d5889b384b3c55e50fddd85dad707f163012eaf4)
Conflicts:
main/libxxf86vm/APKBUILD
- Revision c312ec9f by Natanael Copa on 2013-05-27T16:06:59Z:
main/libxxf86dga: fix CVE-2013-1991,CVE-2013-2000
ref #1931
fixes #1983
(cherry picked from commit decef4fe3c4a8fac3afe45c8beebfa95550484f7)
(cherry picked from commit 6e94674a196771ea7599e54e128c8a4cedbdbe49)
Conflicts:
main/libxxf86dga/APKBUILD
- Revision dc3a97fa by Natanael Copa on 2013-05-27T16:07:00Z:
main/libxt: fix CVE-2013-2002,CVE-2013-2005
ref #1931
fixes #1995
(cherry picked from commit e6d9eccdf7eeb94ed8fdd2cd4e7ebd51ed7fb04a)
(cherry picked from commit f7aaccfd77acfce44d757b68afb7d33532f9447e)
Conflicts:
main/libxt/APKBUILD
- Revision ca33affe by Natanael Copa on 2013-05-27T16:32:42Z:
main/libxtst: fix CVE-2013-2063
ref #1931
- Revision 2f591145 by Natanael Copa on 2013-05-27T16:37:26Z:
main/libxtst: fix CVE-2013-2063
ref #1931
fixes #1968
(cherry picked from commit ca33affea49de655ea0a1aa27accea11f84df7c1)
- Revision 93759380 by Natanael Copa on 2013-05-27T16:38:27Z:
main/libxtst: fix CVE-2013-2063
ref #1931
fixes #1969
(cherry picked from commit ca33affea49de655ea0a1aa27accea11f84df7c1)
- Revision 40666159 by Natanael Copa on 2013-05-27T16:41:01Z:
main/libxtst: fix CVE-2013-2063
ref #1931
fixes #1970
(cherry picked from commit ca33affea49de655ea0a1aa27accea11f84df7c1)
- Revision 1a986b6d by Natanael Copa on 2013-05-27T16:44:03Z:
main/libxtst: fix CVE-2013-2063
ref #1931
fixes #1971
(cherry picked from commit ca33affea49de655ea0a1aa27accea11f84df7c1)
Conflicts:
main/libxtst/APKBUILD