[3.1] libxtst: Out of boundary access and endless loop (CVE-2016-7951, CVE-2016-7952)
CVE-2016-7951: Insufficient validation of server responses results in integer overflows
CVE-2016-7952: Insufficient validation of server responses results in various data mishandlings
Fixed In Version:
libXtst 1.2.3
Reference:
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
Patch:
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
(from redmine: issue id 6287, created on 2016-10-06, closed on 2016-10-25)
- Relations:
  - parent #6282 (closed)
- Changesets:
  - Revision 27d17144 on 2016-10-19T10:10:57Z:
    main/libxtst: security fix (CVE-2016-7951, CVE-2016-7952)
    Fixes #6287
    (cherry picked from commit 844d03dc7da8ceadec964dc59dc4ba8c7d691ff4)