code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Jackie Huang <jackie.huang@windriver.com>
	Thu, 17 Aug 2017 07:39:13 +0000 (15:39 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 11 Sep 2017 21:15:51 +0000 (22:15 +0100)
commit	8c42a9508bded870d1ac018e2cfa129772983c52
tree	a8f085dc1e6ae62812f47ae2e1ba0c7788815fdf	tree \| snapshot
parent	4077e088b6e750c4143a59c5d89258ab682ed96b	commit \| diff

xserver-xorg: Fix CVE-2017-10971

Backport 3 patches to fix CVE-2017-10971:

In the X.Org X server before 2017-06-19, a user authenticated to an X
Session could crash or execute code in the context of the X Server by
exploiting a stack overflow in the endianness conversion of X Events.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-10971

(From OE-Core rev: 20428f660f2c046c63bbf63c4e4af95dac9f2b3d)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2017-10971-1.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2017-10971-2.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2017-10971-3.patch	[new file with mode: 0644]	blob
meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom