[Bug 1212935] [NEW] Sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

Thu, 15 Aug 2013 21:46:28 -0700 

Public bug reported:

Please sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  [ Maarten Lankhorst ]
  * Merge from debian-unstable.
  * Add a breaks to xorg-server 1.13 and old unity.
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect memory size calculations
    - debian/patches/CVE-2013-1984.patch: fix multiple integer overflows.
    - CVE-2013-1984
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect memory size calculations from signedness issues
    - debian/patches/CVE-2013-1995.patch: fix signedness issues in
      src/XListDev.c.
    - CVE-2013-1995
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect length and bounds checking
    - debian/patches/CVE-2013-1998.patch: properly check lengths and
      indexes in src/XGetBMap.c, src/XIPassiveGrab.c, src/XQueryDv.c.
    - CVE-2013-1998
  * revert-xi2.3.diff: Change .pc file to set version back to 1.6.1, to avoid
    tricking module checks of reverse dependencies into thinking that the
    installed libxi supports pointer barrier events. Fixes mutter FTBFS.
  * revert support for the new pointer barrier events for now, until
    the rest of the stack is ready.
  * Sync from unreleased debian git.
    - new upstream release
  * New upstream release.
  * control: Bump policy to 3.9.4, no changes.
  * add-missing-xi_rawtouch.diff: Upstream commit to add XI_RawTouch in
    XInputCopyCookie.
  * control: Bump x11proto-input-dev build-dep to 2.2.99.1.
  * libxi6.symbols: Added new symbols.


The SECURITY UPDATES are all upstream in the newer version, the previous 
updates were fixes because of the pointer barriers api changes that are no 
longer needed. All of the rest of the changes are in debian now.

Changelog entries since current saucy version 2:1.7.1.901-1ubuntu1:

libxi (2:1.7.2-1) unstable; urgency=low

  * New upstream release.

 -- Julien Cristau <jcris...@debian.org>  Mon, 12 Aug 2013 18:46:14
+0200

** Affects: libxi (Ubuntu)
     Importance: Wishlist
         Status: Invalid

** Changed in: libxi (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: libxi (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1212935

Title:
  Sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/1212935/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to