** Description changed: [Impact] 0.8.2 has completed the fuzzing work started in 0.8.1, so backport the package from cosmic to fix these CVE's: CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864. upstream NEWS: libxkbcommon 0.8.2 - 2018-08-05 ================== - Fix various problems found with fuzzing (see commit messages for - more details): + more details): - - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior - in the XKB text format parser. - + - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior + in the XKB text format parser. libxkbcommon 0.8.1 - 2018-08-03 ================== - Fix various problems found in the meson build (see commit messages for more - details): + details): - - Fix compilation on Darwin. + - Fix compilation on Darwin. - - Fix compilation of the x11 tests and demos when XCB is installed in a - non-standard location. + - Fix compilation of the x11 tests and demos when XCB is installed in a + non-standard location. - - Fix xkbcommon-x11.pc missing the Requires specification. + - Fix xkbcommon-x11.pc missing the Requires specification. - Fix various problems found with fuzzing and Coverity (see commit messages for - more details): + more details): - - Fix stack overflow in the XKB text format parser when evaluating boolean - negation. + - Fix stack overflow in the XKB text format parser when evaluating boolean + negation. - - Fix NULL-dereferences in the XKB text format parser when some unsupported - tokens appear (the tokens are still parsed for backward compatibility). + - Fix NULL-dereferences in the XKB text format parser when some unsupported + tokens appear (the tokens are still parsed for backward compatibility). - - Fix NULL-dereference in the XKB text format parser when parsing an - xkb_geometry section. + - Fix NULL-dereference in the XKB text format parser when parsing an + xkb_geometry section. - - Fix an infinite loop in the Compose text format parser on some + - Fix an infinite loop in the Compose text format parser on some inputs. - - Fix an invalid free() when using multiple keysyms. + - Fix an invalid free() when using multiple keysyms. - Replace the Unicode characters for the leftanglebracket and rightanglebracket - keysyms from the deprecated LEFT/RIGHT-POINTING ANGLE BRACKET to - MATHEMATICAL LEFT/RIGHT ANGLE BRACKET. + keysyms from the deprecated LEFT/RIGHT-POINTING ANGLE BRACKET to + MATHEMATICAL LEFT/RIGHT ANGLE BRACKET. - Reject out-of-range Unicode codepoints in xkb_keysym_to_utf8 and - xkb_keysym_to_utf32. + xkb_keysym_to_utf32. [Test case] install the update, check that nothing breaks wrt keyboard handling [Regression potential] slim, this has been in cosmic for some time already, and upstream specifically asked to backport this to stable releases + + There are some other changes to the packaging, but these are harmless + and won't regress anything.
-- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxkbcommon in Ubuntu. https://bugs.launchpad.net/bugs/1794690 Title: Backport 0.8.2 for a CVE update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxkbcommon/+bug/1794690/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : ubuntu-x-swat@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
