Change log for xorg-server-hwe-16.04 package in Ubuntu
1 → 14 of 14 results | First • Previous • Next • Last |
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.6) xenial-security; urgency=medium * SECURITY UPDATE: XChangeFeedbackControl Integer Underflow - debian/patches/CVE-2021-3472.patch: add check to Xi/chgfctl.c. - CVE-2021-3472 -- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 09:42:05 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: out of bounds memory accesses on too short request - debian/patches/CVE-2020-14360.patch: check SetMap request length carefully in xkb/xkb.c. - CVE-2020-14360 * SECURITY UPDATE: multiple heap overflows - debian/patches/CVE-2020-25712.patch: add bounds checks in xkb/xkb.c. - CVE-2020-25712 -- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 13:01:10 -0500
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: Out-Of-Bounds access in XkbSetNames function - debian/patches/CVE-2020-14345.patch: correct bounds checking in xkb/xkb.c. - CVE-2020-14345 -- Marc Deslauriers <email address hidden> Fri, 04 Sep 2020 09:37:30 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Integer underflow in the X input extension protocol - debian/patches/CVE-2020-14346.patch: properly calculate length in Xi/xichangehierarchy.c. - CVE-2020-14346 * SECURITY UPDATE: server memory leak - debian/patches/CVE-2020-14347.patch: initialize memory in dix/pixmap.c. - CVE-2020-14347 * SECURITY UPDATE: Integer Underflow Privilege Escalation - debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in xkb/xkbSwap.c. - CVE-2020-14361 * SECURITY UPDATE: Integer Underflow Privilege Escalation - debian/patches/CVE-2020-14362.patch: properly calculate lengths in record/record.c. - CVE-2020-14362 -- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 10:21:14 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: Privilege escalation and file overwrite - debian/patches/CVE-2018-14665.patch: disable -logfile and -modulepath when running with elevated privileges in hw/xfree86/common/xf86Init.c. - CVE-2018-14665 -- Marc Deslauriers <email address hidden> Thu, 25 Oct 2018 11:22:30 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.1) xenial; urgency=medium * prime-sync-refactor.diff: Fix crash on modesetting+amdgpu hybrid. (LP: #1789913) -- Timo Aaltonen <email address hidden> Wed, 05 Sep 2018 14:31:56 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4~16.04.1) xenial; urgency=medium * Backport to xenial (LP: #1772632) - Revert dropping patches 105, 188, 191, and disable improve-outputclass.diff, in order not to regress nvidia -- Timo Aaltonen <email address hidden> Wed, 06 Jun 2018 14:23:44 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.19.5-0ubuntu2~16.04.1) xenial; urgency=medium * Backport to xenial. (LP: #1716203) - disable xwayland-tablet.diff, not needed on xenial * control, rules: Drop -dbg package as it got mistakenly added back due to a merge. This package had migrated to -dbgsym earlier. -- Timo Aaltonen <email address hidden> Tue, 19 Sep 2017 14:52:44 +0300
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: unvalidated extra length in ProcEstablishConnection - debian/patches/CVE-2017-12176.patch: add check to dix/dispatch.c. - CVE-2017-12176 * SECURITY UPDATE: Unvalidated variable-length request in ProcDbeGetVisualInfo - debian/patches/CVE-2017-12177.patch: add check to dbe/dbe.c. - CVE-2017-12177 * SECURITY UPDATE: wrong extra length check in ProcXIChangeHierarchy - debian/patches/CVE-2017-12178.patch: fix length check in Xi/xichangehierarchy.c. - CVE-2017-12178 * SECURITY UPDATE: integer overflow and unvalidated length in ProcXIBarrierReleasePointer - debian/patches/CVE-2017-12179-1.patch: test exact size of XIBarrierReleasePointer in Xi/xibarriers.c. - debian/patches/CVE-2017-12179-2.patch: add checks to Xi/xibarriers.c. - CVE-2017-12179 * SECURITY UPDATE: various unvalidated lengths - debian/patches/CVE-2017-12180-12182.patch: add more checks to Xext/vidmode.c, hw/xfree86/common/xf86DGA.c, hw/xfree86/dri/xf86dri.c. - CVE-2017-12180 - CVE-2017-12181 - CVE-2017-12182 * SECURITY UPDATE: more unvalidated lengths - debian/patches/CVE-2017-12183.patch: add checks to xfixes/cursor.c, xfixes/region.c, xfixes/saveset.c, xfixes/xfixes.c. - CVE-2017-12183 * SECURITY UPDATE: even more unvalidated lengths - debian/patches/CVE-2017-12184-12187.patch: add more checks to Xext/panoramiX.c, Xext/saver.c, Xext/xres.c, Xext/xvdisp.c, hw/dmx/dmxpict.c, pseudoramiX/pseudoramiX.c, render/render.c. - CVE-2017-12184 - CVE-2017-12185 - CVE-2017-12186 - CVE-2017-12187 * debian/patches/os_big_requests.patch: make sure big requests have sufficient length in os/io.c. * debian/patches/xkb_escape_fix.patch: escape non-printable characters correctly in xkb/xkbtext.c. -- Marc Deslauriers <email address hidden> Fri, 13 Oct 2017 09:00:49 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: DoS or segment overwrite via shmseg resource id - debian/patches/CVE-2017-13721.patch: validate shmseg resource id in Xext/shm.c. - CVE-2017-13721 * SECURITY UPDATE: buffer overflow via XKB data - debian/patches/CVE-2017-13723.patch: handle xkb formatted string output safely in xkb/xkbtext.c. - CVE-2017-13723 -- Marc Deslauriers <email address hidden> Wed, 11 Oct 2017 13:56:12 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium * SECURITY UPDATE: DoS and possible code execution in endianness conversion of X Events - debian/patches/CVE-2017-10971-1.patch: do not try to swap GenericEvent in Xi/sendexev.c. - debian/patches/CVE-2017-10971-2.patch: verify all events in ProcXSendExtensionEvent in Xi/sendexev.c. - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in SendEvent request in dix/events.c, dix/swapreq.c. - CVE-2017-10971 * SECURITY UPDATE: information leak in XEvent handling - debian/patches/CVE-2017-10972.patch: zero target buffer in SProcXSendExtensionEvent in Xi/sendexev.c. - CVE-2017-10972 -- Marc Deslauriers <email address hidden> Tue, 25 Jul 2017 09:04:30 -0400
xorg-server-hwe-16.04 (2:1.18.4-1ubuntu6.1~16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: DoS and possible code execution in endianness conversion of X Events - debian/patches/CVE-2017-10971-1.patch: do not try to swap GenericEvent in Xi/sendexev.c. - debian/patches/CVE-2017-10971-2.patch: verify all events in ProcXSendExtensionEvent in Xi/sendexev.c. - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in SendEvent request in dix/events.c, dix/swapreq.c. - CVE-2017-10971 * SECURITY UPDATE: information leak in XEvent handling - debian/patches/CVE-2017-10972.patch: zero target buffer in SProcXSendExtensionEvent in Xi/sendexev.c. - CVE-2017-10972 * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in configure.ac, include/dix-config.h.in, include/os.h, os/mitauth.c, os/timingsafe_memcmp.c. - CVE-2017-2624 -- Marc Deslauriers <email address hidden> Mon, 17 Jul 2017 13:16:04 -0400
Available diffs
Superseded in xenial-proposed |
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.1) xenial; urgency=medium * Backport for hwe-16.04 stack. (LP: #1687981) * control: Bump libwayland-dev build-dep to 1.11.0 which has the proxy wrappers. * rules: Clean files not needed on hwe pkgs and make dh_install happy. * control: Add dh-autoreconf back, needed on xenial. -- Timo Aaltonen <email address hidden> Thu, 04 May 2017 10:37:47 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.18.4-1ubuntu6.1~16.04.1) xenial; urgency=medium * Backport for hwe-16.04 stack. * xmir.patch: Don't check for mir_event_type_input_device_state (FTBFS) -- Timo Aaltonen <email address hidden> Fri, 20 Jan 2017 00:18:35 +0200
1 → 14 of 14 results | First • Previous • Next • Last |