Date: Tue, 03 Dec 2013 11:54:42 -0600 From: Jamie Strandboge <jamie@...onical.com> To: oss-security@...ts.openwall.com CC: security <security@...ntu.com>, xorg_security@...rg Subject: CVE Request: xorg-server and pixman Hi, This bug has been public since August but I could find a CVE for it: https://launchpad.net/bugs/1197921 There are two bugs - Xorg can be made to crash and pixman can trigger the aformentioned Xorg crash. A simplified reproducer is in the pixman patches with another reproducer in the Launchpad bug. The xorg xorg-server - exa: only draw valid trapezoids The patch was submitted in October but doesn't seem to be applied yet, so I'm CC'ing xorg_security. Patch references the pixman f.d.o bug, but doesn't seem to have an associated xorg bug. http://patchwork.freedesktop.org/patch/14769/ http://lists.x.org/archives/xorg-devel/2013-October/037996.html Pixman - Corrupted CustomShape crashes Xorg https://bugs.freedesktop.org/show_bug.cgi?id=67484 Patch: - 5e14da97f16e421d084a9e735be21b1025150f0c (fix) - 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case) Thanks! -- Jamie Strandboge http://www.ubuntu.com/ Download attachment "signature.asc" of type "application/pgp-signature" (902 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.