[ANNOUNCE] xrdb 1.2.1

Matthieu Herrb (1): xrdb 1.2.1 Tobias Stoeckmann (1): Fix out of boundary read. Walter Harms (3): Add actual querying capabilities XFree() can handle NULL arg fix assignment discards ‘const’ qualifier git tag: xrdb-1.2.1 https://xorg.freedesktop.org/archive

[ANNOUNCE] xrestop 0.5

with dist-hook to generate from git log Fix commit 08c9daab3a0b3ef37723c007858fa949cb91bbd8 Keith Packard (1): Use XResQueryClientIds to get pid instead of window property Kevin Ryde (1): In xrestop_client_get_info() show xrestop's own pid. Matthieu Herrb (7): U

[ANNOUNCE] libX11 1.7.1

x in comment Gaurav Ujjwal (1): Fix out-of-bound access in KeySymToUcs4() Matthieu Herrb (2): Reject string longer than USHRT_MAX before sending them on the wire Version 1.7.1 Walter Harms (8): FIX: warning: macro `Pn' not defined FIX: warning: macro `hN' not

libX11 security advisory: May 11, 2021

vulnerability has been discovered by Roman Fiedler from Unparalleled IT Services e.U. -- Matthieu Herrb signature.asc Description: PGP signature ___ xorg-announce mailing list xorg-announce@lists.x.org https://lists.x.org/mailman/listinfo/xorg-announce

X.Org server security advisory: April 13, 2021

vulnerabilities have been discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Matthieu Herrb signature.asc Description: PGP signature ___ xorg-announce mailing list xorg-announce@lists.x.org https://lists.x.org/mailman/listinfo/xorg

X.Org server security advisory: December 1, 2020

SetDeviceIndicators() heap overflows ZDI-CAN 11389 / CVE-2020-25712 Thanks == These vulnerabilities have been discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Matthieu Herrb ___ xorg-announce mailing list xorg-announce

X.Org server security advisory: August 25, 2020

24acad216aa0fc2ac451c67b2b86db057a032050 Fix XRecordRegisterClients() Integer underflow CVE-2020-14362 ZDI-CAN-11574 Thanks == These vulnerabilities have beend discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Matthieu Herrb signature.asc Description: PGP

[ANNOUNCE] libX11 1.6.12

Christopher Chavez (1): Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage Felix Yan (1): Correct a typo in GetStCmap.c Matthieu Herrb (2): Fix an integer overflow in init_om() libX11 1.6.12 Maya Rashish (1): Avoid the use of "register&quo

X.Org libX11 security advisory: August 25, 2020

020-14363 This can lead to a double free later, as reported by Jayden Rivers. Thanks -- X.Org thanks Jayden Rivers for reporting this issue to our security team and assisting them in understanding them and providing fixes. -- Matthieu Herrb signature.asc Description:

[ANNOUNCE] libX11 1.6.10

Adam Jackson (1): Fix XTS regression in XCopyColormapAndFree Alan Coopersmith (1): Fix spelling/wording issues Alex Henrie (1): Handle small final sigma in XConvertCase Marko Myllynen (1): Update Finnish compose sequences for SFS 5966:2019 standard Matthieu Herrb (2

X.Org security advisory: July 31, 2020: libX11

rruption. Thanks == X.Org thanks Todd Carson for reporting these issues to our security team and assisting them in understanding them and providing fixes. -- Matthieu Herrb signature.asc Description: PGP signature ___ xorg-announce mailing list xorg-

X.Org security advisory: July 31, 2020: Xserver

n NullPixmap; Thanks == This vulnerability was discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Matthieu Herrb signature.asc Description: PGP signature ___ xorg-announce mailing list xorg-announce@lists.x.org https:/

X.Org security advisory: October 25, 2018

d reported the issue, and the Red Hat Product Security Team who helped understand all impacts. -- Matthieu Herrb signature.asc Description: PGP signature ___ xorg-announce mailing list xorg-announce@lists.x.org https://lists.x.org/mailman/listinfo/xorg-announce

[ANNOUNCE] libSM 1.2.3

Alan Coopersmith (1): Stop compiling empty sm_auth.c stub Emil Velikov (1): autogen.sh: use quoted string variables Fab (1): Fix callbacks signatures in libSM documentation Jon TURNEY (1): Include unistd.h for getpid() Matthieu Herrb (3): Fix uuid_to_string(3

[ANNOUNCE] libX11 1.6.6

Prop.c:140 Martin Natano (1): Don't rebuild ks_tables.h if nothing changed. Matthieu Herrb (2): Remove statement with no effect. libX11 1.6.6 Michal Srb (1): Use flexible array member instead of fake size. Ryan C. Gordon (1): Valgrind fix for XStoreColor and XStoreC

X.Org security advisory: August 21, 2018

X.Org security advisory: August 21, 2018 Multiple issues in libX11 = The functions XGetFontPath, XListExtensions and XListFonts from libX11 are vulnerable to three different issues: Off-by-one writes (CVE-2018-14599). --- The functions XGe

[ANNOUNCE] libXfont 1.5.4

Matthieu Herrb (1): libXfont 1.5.4 Michal Srb (1): Open files with O_NOFOLLOW. (CVE-2017-16611) git tag: libXfont-1.5.4 https://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.4.tar.bz2 MD5: 16eaf156edd79b68038b6a7c44aa9e9b libXfont-1.5.4.tar.bz2 SHA1

[ANNOUNCE] libXfont2 2.0.3

Matthieu Herrb (1): libXfont2 2.0.3 Michal Srb (1): Open files with O_NOFOLLOW. (CVE-2017-16611) git tag: libXfont2-2.0.3 https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.bz2 MD5: b7ca87dfafeb5205b28a1e91ac3efe85 libXfont2-2.0.3.tar.bz2 SHA1

[ANNOUNCE] libXcursor 1.1.15

Alan Coopersmith (4): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 Use strdup() instead of malloc(strlen())+strcpy() Fix some clang integer sign/size mismatch warnings Emil Velikov (1): autogen.sh: use quoted string variables Matthieu Herrb (1

[ANNOUNCE] libXpm 3.5.12

Jörg Sonnenberger (1): Fix abs() usage. Matthieu Herrb (1): libXpm 3.5.12 Tobias Stoeckmann (4): Fix out out boundary read on unknown colors Gracefully handle EOF while parsing files. Avoid OOB write when handling malicious XPM files. Handle size_t in file

[ANNOUNCE] libXtst 1.2.3

Matthieu Herrb (1): libXtst 1.2.3 Michael Joost (1): Remove fallback for _XEatDataWords, require libX11 1.6 for it Tobias Stoeckmann (1): Out of boundary access and endless loop in libXtst git tag: libXtst-1.2.3 https://xorg.freedesktop.org/archive/individual/lib/libXtst

[ANNOUNCE] libXv 1.0.11

Alan Coopersmith (1): Fix typo in dependencies for lint library Matthieu Herrb (1): libXv 1.0.11 Tobias Stoeckmann (1): Protocol handling issues in libXv - CVE-2016-5407 git tag: libXv-1.0.11 https://xorg.freedesktop.org/archive/individual/lib/libXv-1.0.11.tar.bz2 MD5

[ANNOUNCE] libXi 1.7.7

Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. git tag: libXi-1.7.7 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2 MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2 SHA1

[ANNOUNCE] libXrender 0.9.10

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https

[ANNOUNCE] libXvMC 1.0.10

Matthieu Herrb (1): libXvMC 1.0.10 Tobias Stoeckmann (1): Avoid buffer underflow on empty strings. git tag: libXvMC-1.0.10 https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2 MD5: 4cbe1c1def7a5e1b0ed5fce8e512f4c6 libXvMC-1.0.10.tar.bz2 SHA1

[ANNOUNCE] libXrender 0.9.10

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https

[ANNOUNCE] libXfixes 5.0.3

Matthieu Herrb (1): libXfixes 5.0.3 Tobias Stoeckmann (1): Integer overflow on illegal server response git tag: libXfixes-5.0.3 https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2 MD5: 07e01e046a0215574f36a3aacb148be0 libXfixes-5.0.3.tar.bz2 SHA1

[ANNOUNCE] libXrandr 1.5.1

Matthieu Herrb (1): libXrandr 1.5.1 Tobias Stoeckmann (1): Avoid out of boundary accesses on illegal responses walter harms (2): fix: doGetScreenResources() info: redundant null check on calling free() fix: redundant null check on calling free() git tag: libXrandr-1.5.1

[ANNOUNCE] libXi 1.7.7

Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. git tag: libXi-1.7.7 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2 MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2 SHA1

[ANNOUNCE] libX11 1.6.4

languages in Togo Matthew D. Fuller (1): Fixup param specification for XChangeProperty() Matthieu Herrb (1): libX11 1.6.4 Mike FABIAN (3): add be_BY.UTF-8@latin and sr_RS.UTF-8@latin to locale.dir fix spelling mistakes in ks_IN and sd_IN devanagari locales Fix spellin

X.Org security advisory: Protocol handling issues in X Window System client libraries

s releases from X.Org: * libX11 1.6.4 * libXfixes 5.0.3 * libXi 1.7.7 * libXrandr 1.5.1 * libXrender 0.9.10 * libXtst 1.2.3 * libXv 1.0.11 * libXvMC 1.0.10 Thanks X.Org thanks Tobias Stoeckmann for reporting these issues to our security team and assisting them in understanding them and ev

[ANNOUNCE] xf86-video-wsfb 0.4.0

deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS config: replace deprecated AC_HELP_STRING with AS_HELP_STRING config: replace deprecated use of AC_OUTPUT with AC_CONFIG_FILES config: add comments for main statements Matthieu Herrb (16): replace XF86Config -> xorg.conf i