[3.1] libxi: various flaws (CVE-2016-7945, CVE-2016-7946)

CVE-2016-7945: Insufficient validation of server responses result in Integer overflows

CVE-2016-7946: Insufficient validation of server responses result in various data mishandlings

Affected versions:

libXi <= 1.7.6

Fixed In Version:

libXi 1.7.7

References:

http://seclists.org/oss-sec/2016/q4/17
https://lists.x.org/archives/xorg-announce/2016-October/002720.html

(from redmine: issue id 6305, created on 2016-10-07, closed on 2016-10-25)

• Relations:
  • parent #6300 (closed)
• Changesets:
  • Revision b0140e44 on 2016-10-20T10:07:10Z:

main/libxi: security fixes (CVE-2016-7945, CVE-2016-7946)

Fixes #6305

(cherry picked from commit ffaa32a96062a37c4b3aff0dc2b6e37661dab85a)