Date: Tue, 03 Dec 2013 11:54:42 -0600 From: Jamie Strandboge <jamie@...onical.com> To: oss-security@...ts.openwall.com CC: security <security@...ntu.com>, xorg_security@...rg Subject: CVE Request: xorg-server and pixman Hi, This bug has been public since August but I could find a CVE for it: https://launchpad.net/bugs/1197921 There are two bugs - Xorg can be made to crash and pixman can trigger the aformentioned Xorg crash. A simplified reproducer is in the pixman patches with another reproducer in the Launchpad bug. The xorg xorg-server - exa: only draw valid trapezoids The patch was submitted in October but doesn't seem to be applied yet, so I'm CC'ing xorg_security. Patch references the pixman f.d.o bug, but doesn't seem to have an associated xorg bug. http://patchwork.freedesktop.org/patch/14769/ http://lists.x.org/archives/xorg-devel/2013-October/037996.html Pixman - Corrupted CustomShape crashes Xorg https://bugs.freedesktop.org/show_bug.cgi?id=67484 Patch: - 5e14da97f16e421d084a9e735be21b1025150f0c (fix) - 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case) Thanks! -- Jamie Strandboge http://www.ubuntu.com/ Download attachment "signature.asc" of type "application/pgp-signature" (902 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ