code.ossystems Code Review - openembedded-core.git/commit
xserver-xorg: fix CVE-2021-3472
author Stefan Ghinea <stefan.ghinea@windriver.com>
Thu, 29 Apr 2021 17:15:33 +0000 (20:15 +0300)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sun, 2 May 2021 22:21:39 +0000 (23:21 +0100)
commit 6fec5fea942ce88e33e5cf4c2102d69ce25e7180
tree 6ec0e2705a1ac320e1c776159f2d84c710c74860
parent a8a9b0d9155ee9f233e46021eae896552428c51a
xserver-xorg: fix CVE-2021-3472

Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory accesses
in the X server.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-3472

Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-3472.patch [new file with mode: 0644]
meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb