Format: 1.8
Date: Thu, 20 Jul 2017 14:44:38 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xorg-core-dbg xserver-common xserver-xorg-xmir xorg-server-source
Architecture: source
Version: 2:1.15.1-0ubuntu2.9
Distribution: trusty-security
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubuntu-x@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-xmir - Xorg - the X.Org X server (module for running nested in Mir)
 xvfb       - Virtual Framebuffer 'fake' X server
Changes: 
 xorg-server (2:1.15.1-0ubuntu2.9) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: DoS and possible code execution in endianness
     conversion of X Events
     - debian/patches/CVE-2017-10971-1.patch: do not try to swap
       GenericEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-2.patch: verify all events in
       ProcXSendExtensionEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
       SendEvent request in dix/events.c, dix/swapreq.c.
     - CVE-2017-10971
   * SECURITY UPDATE: information leak in XEvent handling
     - debian/patches/CVE-2017-10972.patch: zero target buffer in
       SProcXSendExtensionEvent in Xi/sendexev.c.
     - CVE-2017-10972
   * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
     - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
       configure.ac, include/dix-config.h.in, include/os.h,
       os/mitauth.c, os/timingsafe_memcmp.c.
     - CVE-2017-2624
   * debian/patches/fix_test_failure.patch: fix ftbfs on armhf due to
     uninitialized values.
Checksums-Sha1: 
 33a1831dc7f4fa52f48543498cef787d4e01e6b5 4494 xorg-server_1.15.1-0ubuntu2.9.dsc
 b3aab3480698f6e31f01ac7bfa134fd081f44b20 218382 xorg-server_1.15.1-0ubuntu2.9.diff.gz
Checksums-Sha256: 
 8bbbedc6f6dd4eaa3a7e8b6820613b51be46955097ada5f4a67d474f78f53fca 4494 xorg-server_1.15.1-0ubuntu2.9.dsc
 7b8a70ccc66b4c6f1955f20fe904d5777656d35014f065bc0c7575b8d586896c 218382 xorg-server_1.15.1-0ubuntu2.9.diff.gz
Files: 
 69f392dc2100fa300f1a2a450f0ec7ed 4494 x11 optional xorg-server_1.15.1-0ubuntu2.9.dsc
 75a120b451b70baba08e979af40ca97f 218382 x11 optional xorg-server_1.15.1-0ubuntu2.9.diff.gz
Original-Maintainer: Debian X Strike Force <debian-x@lists.debian.org>