Date: Wed, 04 Dec 2013 11:04:12 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: security <security@...ntu.com>, xorg_security@...rg
Subject: Re: CVE Request: xorg-server and pixman

On 12/04/2013 07:46 AM, Jamie Strandboge wrote:
> On 12/04/2013 01:09 AM, Murray McAllister wrote:
>> On 12/04/2013 03:32 PM, Kurt Seifried wrote:
>>> On 12/03/2013 10:54 AM, Jamie Strandboge wrote:
>>>
>>>> Hi,
>>>
>>>> This bug has been public since August but I could find a CVE
>>>> for it: https://launchpad.net/bugs/1197921
>>>
>>>> There are two bugs - Xorg can be made to crash and pixman
>>>> can trigger the aforementioned Xorg crash. A simplified
>>>> reproducer is in the pixman patches with another reproducer
>>>> in the Launchpad bug. The xorg
>>>
>>>> xorg-server - exa: only draw valid trapezoids The patch was
>>>> submitted in October but doesn't seem to be applied yet, so
>>>> I'm CC'ing xorg_security. Patch references the pixman f.d.o
>>>> bug, but doesn't seem to have an associated xorg bug.
>>>> http://patchwork.freedesktop.org/patch/14769/
>>>> http://lists.x.org/archives/xorg-devel/2013-October/037996.html
>>>
>>>>
>>>> Pixman - Corrupted CustomShape crashes Xorg
>>>> https://bugs.freedesktop.org/show_bug.cgi?id=67484 Patch: -
>>>> 5e14da97f16e421d084a9e735be21b1025150f0c (fix) -
>>>> 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case)
>>>
>>>> Thanks!
>>>
>>>
>>> So only x.org crashes, you can trigger it via X.org, or via
>>> pixman? or is pixman also crashing?
>>>
>>>
>>
>> From https://bugs.freedesktop.org/show_bug.cgi?id=67484 and
>> http://patchwork.freedesktop.org/patch/14769/ it sounded like it
>> would affect both 1) crash an application using pixman 2) crash
>> the X server
>>
>> Is that correct?
>>
>
> AIUI, this is correct. See:
> https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/comments/28
>
> "No, it really is a bug in pixman too. I just fixed the same
> comparison that happens in xorg-server, but pixman is still
> affected."
>
> Thanks.

Please use CVE-2013-6424 for the issue in xorg-server
Please use CVE-2013-6425 for the issue in pixman.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993