package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360...
author Peter Korsgaard <peter@korsgaard.com>
Tue, 1 Dec 2020 17:49:03 +0000 (18:49 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Tue, 1 Dec 2020 22:01:09 +0000 (23:01 +0100)
commit c773336463bc605e2e5ceb8288937b7aacb26d04
tree b69ca1e4e414288e7cfa8fdbcec60d7e3107187a
parent 692829d967c30768859c9e043c15f45edda109ac
package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360 / 25712

Fixes the following security issues:

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to
  out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
  buffer overflow on the head in the X server.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/x11r7/xserver_xorg-server/0007-Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch [new file with mode: 0644]
package/x11r7/xserver_xorg-server/0008-Check-SetMap-request-length-carefully.patch [new file with mode: 0644]