CVS: cvs.openbsd.org: xenocara

Alexander Bluhm Tue, 01 Dec 2020 07:37:06 -0800

CVSROOT:        /cvs
Module name:    xenocara
Changes by:     bl...@cvs.openbsd.org   2020/12/01 08:36:45


Modified files:
        xserver/xkb    : Tag: OPENBSD_6_8 xkb.c 

Log message:
Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
ZDI-CAN 11389 / CVE-2020-25712
Fix from Jan-Niklas Sohn working with Trend Micro.

Check SetMap request length carefully.
Avoid out of bounds memory accesses on too short requests.
ZDI-CAN 11572 /  CVE-2020-14360
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

from matthieu@
this is errata/6.8/007_xmaplen.patch.sig

CVS: cvs.openbsd.org: xenocara

Reply via email to