author AlanCoopersmith <AlanCoopersmith@web> 2014-12-09 13:12:23 -0800
committer xorg <iki-xorg@freedesktop.org> 2014-12-09 13:12:23 -0800
commit 5cd7347709a490bbb18770e067e579e520b585b9 (patch)
tree d74b5c7c49574d3a38acac84240d1ead229d58e6
parent 9427f27044b3a69f95970ea0ebd3e6e5200b73b4 (diff)
fix commit list links
-rw-r--r-- Development/Security/Advisory-2014-12-09.mdwn 76
1 files changed, 38 insertions, 38 deletions
diff --git a/Development/Security/Advisory-2014-12-09.mdwn b/Development/Security/Advisory-2014-12-09.mdwn
index 800042b4..31506214 100644
--- a/Development/Security/Advisory-2014-12-09.mdwn
+++ b/Development/Security/Advisory-2014-12-09.mdwn
@@ -230,47 +230,47 @@ some functions listed may not have been introduced until later versions.
Fixes are available in these git commits:
-*Note that many of these patches depend on being applied in the same order as they are in git, or on other non-CVE patches in git, and won't necessarily apply in the order listed here to previous tarball releases.*
+*Note that many of these patches depend on being applied in the same order as they are in git, or on other non-CVE patches in git, and won't necessarily apply as is to previous tarball releases.*
<tt>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=90cc925c5991fcb203f72d00b04419cd754a9b2c">90cc925c5991fcb203f72d00b04419cd754a9b2c unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=eeae42d60bf3d5663ea088581f6c28a82cd17829">eeae42d60bf3d5663ea088581f6c28a82cd17829 dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=bc8e20430b6f6378daf6ce4329029248a88af08b">bc8e20430b6f6378daf6ce4329029248a88af08b dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=97015a07b9e15d8ec5608b95d95ec0eb51202acb">97015a07b9e15d8ec5608b95d95ec0eb51202acb dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e0e11644622a589129a01e11e5d105dc74a098de">e0e11644622a589129a01e11e5d105dc74a098de dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=6692670fde081bbfe9313f17d84037ae9116702a">6692670fde081bbfe9313f17d84037ae9116702a dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=2ef42519c41e793579c9cea699c866fee3d9321f">2ef42519c41e793579c9cea699c866fee3d9321f dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=73c63afb93c0af1bfd1969bf6e71c9edca586c77">73c63afb93c0af1bfd1969bf6e71c9edca586c77 Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=7553082b9b883b5f130044f3d53bce2f0b660e52">7553082b9b883b5f130044f3d53bce2f0b660e52 xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=32a95fb7c7dbe22c9441c62762dfa4a8ec54d6c3">32a95fb7c7dbe22c9441c62762dfa4a8ec54d6c3 Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=0a6085aaf3581cca558d960ea176ddf3a41a2213">0a6085aaf3581cca558d960ea176ddf3a41a2213 dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=d155b7a8e38e74aee96bf52c20c8b6a330d7d462">d155b7a8e38e74aee96bf52c20c8b6a330d7d462 present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=3df2fcf12499ebdb26b9b67419ea485a42041f33">3df2fcf12499ebdb26b9b67419ea485a42041f33 randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b5f9ef03df6a650571b29d3d1c1d2b67c6e84336">b5f9ef03df6a650571b29d3d1c1d2b67c6e84336 render: check request size before reading it [CVE-2014-8100 1/2]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=5d3a788aeb2fbd3ca2812747dc18c94a8b981c63">5d3a788aeb2fbd3ca2812747dc18c94a8b981c63 render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=a0ece23a8bd300c8be10812d368dc8058c97c63e">a0ece23a8bd300c8be10812d368dc8058c97c63e xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=d153a85f7478a7a67ccb02fbca6390b0ab1732ee">d153a85f7478a7a67ccb02fbca6390b0ab1732ee Add request length checking test cases for some Xinput 1.x requests</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=2df83bb122debc3c20cfc3d3b0edc85cd0270f79">2df83bb122debc3c20cfc3d3b0edc85cd0270f79 Add request length checking test cases for some Xinput 2.x requests</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=f4afd53f2aeaddf509bf9f71d1716dd273fd6e14">f4afd53f2aeaddf509bf9f71d1716dd273fd6e14 Add REQUEST_FIXED_SIZE testcases to test/misc.c</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=23fe7718bb171e71db2d1a30505c2ca2988799d9">23fe7718bb171e71db2d1a30505c2ca2988799d9 glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=ab2ba9338aa5e85b4487bc7fbe69985c76483e01">ab2ba9338aa5e85b4487bc7fbe69985c76483e01 glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=717a1b37767b41e14859e5022ae9e679152821a9">717a1b37767b41e14859e5022ae9e679152821a9 glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=13d36923e0ddb077f4854e354c3d5c80590b5d9d">13d36923e0ddb077f4854e354c3d5c80590b5d9d glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=2a5cbc17fc72185bf0fa06fef26d1f782de72595">2a5cbc17fc72185bf0fa06fef26d1f782de72595 glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=be09e0c988ffdb0371293af49fb4ea8f49ed324a">be09e0c988ffdb0371293af49fb4ea8f49ed324a glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=698888e6671d54c7ae41e9d456f7f5483a3459d2">698888e6671d54c7ae41e9d456f7f5483a3459d2 glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=a33a939e6abb255b14d8dbc85fcbd2c55b958bae">a33a939e6abb255b14d8dbc85fcbd2c55b958bae glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=c91e4abc3b892f42802efa20fef7ada442c2d3f5">c91e4abc3b892f42802efa20fef7ada442c2d3f5 glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=afe177020d1fb776c6163f21eddc82cb185b95ca">afe177020d1fb776c6163f21eddc82cb185b95ca glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=44ba149f28ece93c2fbfc9cc980588de5322dd4b">44ba149f28ece93c2fbfc9cc980588de5322dd4b glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=984583a497c813df5827ae22483133e704fee79c">984583a497c813df5827ae22483133e704fee79c glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e883c170c15493ab3637c0a01890f5a7ca4e16a5">e883c170c15493ab3637c0a01890f5a7ca4e16a5 glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=7e7630bbb775573eea2a2335adb9d190c3e1e971">7e7630bbb775573eea2a2335adb9d190c3e1e971 glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b20912c3d45cbbde3c443e6c3d9e189092fe65e1">b20912c3d45cbbde3c443e6c3d9e189092fe65e1 dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=61b17c0f10307e25e51e30e6fb1d3e3127f82d86">61b17c0f10307e25e51e30e6fb1d3e3127f82d86 glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=9802a0162f738de03585ca3f3b8a8266494f7d45">9802a0162f738de03585ca3f3b8a8266494f7d45 Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]</a>
- * <a href="http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1559a94395258fd73e369f1a2c98a44bfe21a486">1559a94395258fd73e369f1a2c98a44bfe21a486 dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=90cc925c5991fcb203f72d00b04419cd754a9b2c">90cc925c5991fcb203f72d00b04419cd754a9b2c unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=eeae42d60bf3d5663ea088581f6c28a82cd17829">eeae42d60bf3d5663ea088581f6c28a82cd17829 dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=bc8e20430b6f6378daf6ce4329029248a88af08b">bc8e20430b6f6378daf6ce4329029248a88af08b dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=97015a07b9e15d8ec5608b95d95ec0eb51202acb">97015a07b9e15d8ec5608b95d95ec0eb51202acb dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=e0e11644622a589129a01e11e5d105dc74a098de">e0e11644622a589129a01e11e5d105dc74a098de dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=6692670fde081bbfe9313f17d84037ae9116702a">6692670fde081bbfe9313f17d84037ae9116702a dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=2ef42519c41e793579c9cea699c866fee3d9321f">2ef42519c41e793579c9cea699c866fee3d9321f dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=73c63afb93c0af1bfd1969bf6e71c9edca586c77">73c63afb93c0af1bfd1969bf6e71c9edca586c77 Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=7553082b9b883b5f130044f3d53bce2f0b660e52">7553082b9b883b5f130044f3d53bce2f0b660e52 xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=32a95fb7c7dbe22c9441c62762dfa4a8ec54d6c3">32a95fb7c7dbe22c9441c62762dfa4a8ec54d6c3 Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=0a6085aaf3581cca558d960ea176ddf3a41a2213">0a6085aaf3581cca558d960ea176ddf3a41a2213 dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=d155b7a8e38e74aee96bf52c20c8b6a330d7d462">d155b7a8e38e74aee96bf52c20c8b6a330d7d462 present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=3df2fcf12499ebdb26b9b67419ea485a42041f33">3df2fcf12499ebdb26b9b67419ea485a42041f33 randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=b5f9ef03df6a650571b29d3d1c1d2b67c6e84336">b5f9ef03df6a650571b29d3d1c1d2b67c6e84336 render: check request size before reading it [CVE-2014-8100 1/2]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=5d3a788aeb2fbd3ca2812747dc18c94a8b981c63">5d3a788aeb2fbd3ca2812747dc18c94a8b981c63 render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=a0ece23a8bd300c8be10812d368dc8058c97c63e">a0ece23a8bd300c8be10812d368dc8058c97c63e xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=d153a85f7478a7a67ccb02fbca6390b0ab1732ee">d153a85f7478a7a67ccb02fbca6390b0ab1732ee Add request length checking test cases for some Xinput 1.x requests</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=2df83bb122debc3c20cfc3d3b0edc85cd0270f79">2df83bb122debc3c20cfc3d3b0edc85cd0270f79 Add request length checking test cases for some Xinput 2.x requests</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=f4afd53f2aeaddf509bf9f71d1716dd273fd6e14">f4afd53f2aeaddf509bf9f71d1716dd273fd6e14 Add REQUEST_FIXED_SIZE testcases to test/misc.c</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=23fe7718bb171e71db2d1a30505c2ca2988799d9">23fe7718bb171e71db2d1a30505c2ca2988799d9 glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=ab2ba9338aa5e85b4487bc7fbe69985c76483e01">ab2ba9338aa5e85b4487bc7fbe69985c76483e01 glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=717a1b37767b41e14859e5022ae9e679152821a9">717a1b37767b41e14859e5022ae9e679152821a9 glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=13d36923e0ddb077f4854e354c3d5c80590b5d9d">13d36923e0ddb077f4854e354c3d5c80590b5d9d glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=2a5cbc17fc72185bf0fa06fef26d1f782de72595">2a5cbc17fc72185bf0fa06fef26d1f782de72595 glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=be09e0c988ffdb0371293af49fb4ea8f49ed324a">be09e0c988ffdb0371293af49fb4ea8f49ed324a glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=698888e6671d54c7ae41e9d456f7f5483a3459d2">698888e6671d54c7ae41e9d456f7f5483a3459d2 glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=a33a939e6abb255b14d8dbc85fcbd2c55b958bae">a33a939e6abb255b14d8dbc85fcbd2c55b958bae glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=c91e4abc3b892f42802efa20fef7ada442c2d3f5">c91e4abc3b892f42802efa20fef7ada442c2d3f5 glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=afe177020d1fb776c6163f21eddc82cb185b95ca">afe177020d1fb776c6163f21eddc82cb185b95ca glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=44ba149f28ece93c2fbfc9cc980588de5322dd4b">44ba149f28ece93c2fbfc9cc980588de5322dd4b glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=984583a497c813df5827ae22483133e704fee79c">984583a497c813df5827ae22483133e704fee79c glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=e883c170c15493ab3637c0a01890f5a7ca4e16a5">e883c170c15493ab3637c0a01890f5a7ca4e16a5 glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=7e7630bbb775573eea2a2335adb9d190c3e1e971">7e7630bbb775573eea2a2335adb9d190c3e1e971 glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=b20912c3d45cbbde3c443e6c3d9e189092fe65e1">b20912c3d45cbbde3c443e6c3d9e189092fe65e1 dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=61b17c0f10307e25e51e30e6fb1d3e3127f82d86">61b17c0f10307e25e51e30e6fb1d3e3127f82d86 glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=9802a0162f738de03585ca3f3b8a8266494f7d45">9802a0162f738de03585ca3f3b8a8266494f7d45 Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]</a>
+ * <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=1559a94395258fd73e369f1a2c98a44bfe21a486">1559a94395258fd73e369f1a2c98a44bfe21a486 dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]</a>
</tt>
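Review bot: every rewritten href in the list still uses plain http:// for cgit.freedesktop.org, so a reader of the advisory follows an unauthenticated link to reach the security fixes; since all 37 link lines are being touched anyway, consider switching them to https:// in the same change if the host serves it. Separately, the note line at the top of the hunk changes "in the order listed here" to "as is", which the commit message "fix commit list links" does not mention; either say so in the message or split that wording change into its own commit. Each full commit id also appears twice per line (in the href and in the link text), so it is worth confirming that the two copies agree on every line and that each id resolves under xorg/xserver.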