-
libx11 (2:1.6.9-2ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bounds memory access in _XkbReadKeySyms()
- d/p/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
- CVE-2023-43785
* SECURITY UPDATE: stack exhaustion from infinite recursion in
PutSubImage()
- d/p/0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
- d/p/0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
- CVE-2023-43786
* SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
overflow
- d/p/0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
- d/p/0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
- CVE-2023-43787
-- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 15:14:49 -0400
-
libx11 (2:1.6.9-2ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: multiple buffer overflows
- debian/patches/CVE-2023-3138.patch: add bounds checks for extension
request, event, & error codes in src/InitExt.c.
- CVE-2023-3138
* This update does _not_ contain the changes from 2:1.6.9-2ubuntu1.3 in
focal-proposed.
-- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 07:26:48 -0400
-
libx11 (2:1.6.9-2ubuntu1.3) focal; urgency=medium
* Fix a race condition in poll_for_response. (LP: #1782984)
-- Timo Aaltonen <email address hidden> Thu, 05 Aug 2021 10:23:56 +0300
-
libx11 (2:1.6.9-2ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: extra X protocol requests via unchecked string lengths
- debian/patches/CVE-2021-31535.patch: reject strings longer than
USHRT_MAX before sending them on the wire in src/Font.c,
src/FontInfo.c, src/FontNames.c, src/GetColor.c, src/LoadFont.c,
src/LookupCol.c, src/ParseCol.c, src/QuExt.c, src/SetFPath.c,
src/SetHints.c, src/StNColor.c, src/StName.c .
- CVE-2021-31535
-- Marc Deslauriers <email address hidden> Wed, 19 May 2021 13:07:18 -0400
-
libx11 (2:1.6.9-2ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow and heap overflow in XIM client
- debian/patches/CVE-2020-14344-1.patch: fix signed length values in
modules/im/ximcp/imRmAttr.c.
- debian/patches/CVE-2020-14344-2.patch: fix integer overflows in
modules/im/ximcp/imRmAttr.c.
- debian/patches/CVE-2020-14344-3.patch: fix more unchecked lengths in
modules/im/ximcp/imRmAttr.c.
- debian/patches/CVE-2020-14344-4.patch: zero out buffers in functions
in modules/im/ximcp/imDefIc.c, modules/im/ximcp/imDefIm.c.
- debian/patches/CVE-2020-14344-5.patch: change the data_len parameter
to CARD16 in modules/im/ximcp/imRmAttr.c.
- debian/patches/CVE-2020-14344-6.patch: fix size calculation in
modules/im/ximcp/imRmAttr.c.
- debian/patches/CVE-2020-14344-7.patch: fix input clients connecting
to server in modules/im/ximcp/imRmAttr.c.
- CVE-2020-14344
* SECURITY UPDATE: integer overflow and double free in locale handling
- debian/patches/CVE-2020-14363.patch: fix an integer overflow in
modules/om/generic/omGeneric.c.
- CVE-2020-14363
-- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 11:51:55 -0400
-
libx11 (2:1.6.9-2ubuntu1) focal; urgency=medium
* control: Bump build-dep on x11proto-dev to make sure we have all
the new keysyms.
-- Timo Aaltonen <email address hidden> Mon, 09 Mar 2020 14:45:02 +0200
-
libx11 (2:1.6.9-2) unstable; urgency=medium
* control: Depend on x11proto-dev instead of the old protos, bump the
version.
* control: libx11-dev Replaces old x11proto-dev. (Closes: #952589)
-- Timo Aaltonen <email address hidden> Wed, 26 Feb 2020 18:40:14 +0200
-
libx11 (2:1.6.9-1) unstable; urgency=medium
* New upstream release.
* control: Use debhelper-compat, bump to 12.
* signing-key.asc: Add Adam Jackson's key.
* rules: Remove .la files before install.
* rules: Use -a instead of -s for dh_makeshlibs.
* watch: Update upstream url.
* control: Bump policy to 4.5.0.
-- Timo Aaltonen <email address hidden> Wed, 26 Feb 2020 14:32:15 +0200
-
libx11 (2:1.6.8-1) unstable; urgency=medium
[ Timo Aaltonen ]
* New upstream release.
* patches: Refreshed.
[ Helmut Grohne ]
* Move documentation dependencies to Build-Depends-Indep. (Closes: #928878)
-- Timo Aaltonen <email address hidden> Wed, 18 Sep 2019 17:09:31 +0300
