* [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
@ 2017-01-10 11:11 Sona Sarmadi
2017-01-11 6:45 ` FW: " Sona Sarmadi
0 siblings, 1 reply; 3+ messages in thread
From: Sona Sarmadi @ 2017-01-10 11:11 UTC (permalink / raw)
To: openembedded-core
Upgrade libxtst from 1.2.2 to 1.2.3 to address:
Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
similarity index 78%
rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
index 1b0bcf3..31ea439 100644
--- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
@@ -16,5 +16,5 @@ PE = "1"
XORG_PN = "libXtst"
-SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
-SRC_URI[sha256sum] = "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c8309f6d9"
+SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
+SRC_URI[sha256sum] = "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4bf5204"
--
1.9.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
2017-01-10 11:11 [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3 Sona Sarmadi
@ 2017-01-11 6:45 ` Sona Sarmadi
2017-01-18 22:34 ` akuster808
0 siblings, 1 reply; 3+ messages in thread
From: Sona Sarmadi @ 2017-01-11 6:45 UTC (permalink / raw)
To: Armin Kuster (akuster808@gmail.com); +Cc: openembedded-core
Hi Armin,
I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.
The upgrade have only following changes:
https://cgit.freedesktop.org/xorg/lib/libXtst/
Age Commit message Author Files Lines
2016-10-04 libXtst 1.2.3HEADlibXtst-1.2.3master Matthieu Herrb 1 -1/+1
2016-09-25 Out of boundary access and endless loop in libXtst Tobias Stoeckmann 1 -4/+39
2013-11-23 Remove fallback for _XEatDataWords, require libX11 1.6 for it Michael Joost 2 -18/+1
2013-05-31 libXtst 1.2.2libXtst-1.2.2
This does not affect master. According to Mitre this affects libXtst before 1.2.3:
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
Cheers
//Sona
> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On
> Behalf Of Sona Sarmadi
> Sent: den 10 januari 2017 12:11
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
>
> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
>
> References:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
> 9ec4a7a4f4b54a0d59701beeae3
>
> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> ---
> meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
> ++--
> 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-
> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
>
> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> similarity index 78%
> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> index 1b0bcf3..31ea439 100644
> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> @@ -16,5 +16,5 @@ PE = "1"
>
> XORG_PN = "libXtst"
>
> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
> -SRC_URI[sha256sum] =
> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
> 09f6d9"
> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
> +SRC_URI[sha256sum] =
> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
> f5204"
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
2017-01-11 6:45 ` FW: " Sona Sarmadi
@ 2017-01-18 22:34 ` akuster808
0 siblings, 0 replies; 3+ messages in thread
From: akuster808 @ 2017-01-18 22:34 UTC (permalink / raw)
To: Sona Sarmadi; +Cc: openembedded-core
On 01/10/2017 10:45 PM, Sona Sarmadi wrote:
> Hi Armin,
>
> I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.
this is reasonable request. once its in Morty, I will pull it into krogoth.
thanks for sending the request.
- armin
>
> The upgrade have only following changes:
>
> https://cgit.freedesktop.org/xorg/lib/libXtst/
> Age Commit message Author Files Lines
> 2016-10-04 libXtst 1.2.3HEADlibXtst-1.2.3master Matthieu Herrb 1 -1/+1
> 2016-09-25 Out of boundary access and endless loop in libXtst Tobias Stoeckmann 1 -4/+39
> 2013-11-23 Remove fallback for _XEatDataWords, require libX11 1.6 for it Michael Joost 2 -18/+1
> 2013-05-31 libXtst 1.2.2libXtst-1.2.2
>
> This does not affect master. According to Mitre this affects libXtst before 1.2.3:
>
> Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
>
> Cheers
> //Sona
>
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On
>> Behalf Of Sona Sarmadi
>> Sent: den 10 januari 2017 12:11
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
>>
>> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
>> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
>>
>> References:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
>> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
>> 9ec4a7a4f4b54a0d59701beeae3
>>
>> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
>> ---
>> meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
>> ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-
>> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
>>
>> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> similarity index 78%
>> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> index 1b0bcf3..31ea439 100644
>> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> @@ -16,5 +16,5 @@ PE = "1"
>>
>> XORG_PN = "libXtst"
>>
>> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
>> -SRC_URI[sha256sum] =
>> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
>> 09f6d9"
>> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
>> +SRC_URI[sha256sum] =
>> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
>> f5204"
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-01-18 22:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-10 11:11 [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3 Sona Sarmadi
2017-01-11 6:45 ` FW: " Sona Sarmadi
2017-01-18 22:34 ` akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.