Snippets Groups Projects

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

The migration is almost done, at least the rest should happen in the background. There are still a few technical difference between the old cluster and the new ones, and they are summarized in this issue. Please pay attention to the TL:DR at the end of the comment.

Commit 304a654a authored 1 year ago by Alan Coopersmith

InitExt.c: Add bounds checks for extension request, event, & error codes

Fixes CVE-2023-3138: X servers could return values from XQueryExtension
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.

Reported-by: Gregory James DUCK <gjduck@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

parent 71b08b8a

No related branches found

No related tags found

1 merge request!212libX11 1.8.6, including fix for CVE-2023-3138

Hide whitespace changes

Inline Side-by-side

Showing with 42 additions and 0 deletions

Please register or to comment