Public bug reported:
Please sync libxi 2:1.7.2-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
[ Maarten Lankhorst ]
* Merge from debian-unstable.
* Add a breaks to xorg-server 1.13 and old unity.
* SECURITY UPDATE: denial of service and possible code execution via
incorrect memory size calculations
- debian/patches/CVE-2013-1984.patch: fix multiple integer overflows.
- CVE-2013-1984
* SECURITY UPDATE: denial of service and possible code execution via
incorrect memory size calculations from signedness issues
- debian/patches/CVE-2013-1995.patch: fix signedness issues in
src/XListDev.c.
- CVE-2013-1995
* SECURITY UPDATE: denial of service and possible code execution via
incorrect length and bounds checking
- debian/patches/CVE-2013-1998.patch: properly check lengths and
indexes in src/XGetBMap.c, src/XIPassiveGrab.c, src/XQueryDv.c.
- CVE-2013-1998
* revert-xi2.3.diff: Change .pc file to set version back to 1.6.1, to avoid
tricking module checks of reverse dependencies into thinking that the
installed libxi supports pointer barrier events. Fixes mutter FTBFS.
* revert support for the new pointer barrier events for now, until
the rest of the stack is ready.
* Sync from unreleased debian git.
- new upstream release
* New upstream release.
* control: Bump policy to 3.9.4, no changes.
* add-missing-xi_rawtouch.diff: Upstream commit to add XI_RawTouch in
XInputCopyCookie.
* control: Bump x11proto-input-dev build-dep to 2.2.99.1.
* libxi6.symbols: Added new symbols.
The SECURITY UPDATES are all upstream in the newer version, the previous
updates were fixes because of the pointer barriers api changes that are no
longer needed. All of the rest of the changes are in debian now.
Changelog entries since current saucy version 2:1.7.1.901-1ubuntu1:
libxi (2:1.7.2-1) unstable; urgency=low
* New upstream release.
-- Julien Cristau <jcris...@debian.org> Mon, 12 Aug 2013 18:46:14
+0200
** Affects: libxi (Ubuntu)
Importance: Wishlist
Status: Invalid
** Changed in: libxi (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: libxi (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to libxi in Ubuntu.
https://bugs.launchpad.net/bugs/1212935
Title:
Sync libxi 2:1.7.2-1 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/1212935/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~ubuntu-x-swat
Post to : ubuntu-x-swat@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-x-swat
More help : https://help.launchpad.net/ListHelp
