Univention Bugzilla – Bug 48773
wayland: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:08 CET
New Debian wayland 1.12.0-1+deb9u1 fixes:

This update addresses the following issue:
* file.c: heap-based buffer overflow when reading/creating images (CVE-2017-16612)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/wayland_1.12.0-1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/wayland_1.12.0-1+deb9u1.dsc @@ -1,3 +1,12 @@ +1.12.0-1+deb9u1 [Sun, 04 Mar 2018 11:43:29 +0100] Héctor Orón Martínez <zumbi@debian.org>: + + * debian/patches/CVE-2017-16612.patch: (Closes: #889681, #892031) + - libXcursor before 1.1.15 has various integer overflows that could lead + to heap buffer overflows when processing malicious cursors, e.g., with + programs like GIMP. It is also possible that an attack vector exists + against the related code in cursor/xcursor.c in Wayland through + 1.14.0. + 1.12.0-1 [Wed, 07 Dec 2016 18:54:57 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * New upstream release. Closes: #840752. <http://10.200.17.11/4.3-3/#7906104207197331754>
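Review bot: the added changelog entry for debian/patches/CVE-2017-16612.patch only repeats the CVE description of libXcursor and says an attack vector possibly exists in Wayland's cursor/xcursor.c; it never states what the patch changes in the Wayland source. Suggest one extra line naming the check or bounds handling the patch adds in cursor/xcursor.c, so the entry can be audited against the patch itself. The quoted range "through 1.14.0" includes this 1.12.0 package, which is worth stating explicitly in the entry.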
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 51e3ff84c0 Bug #48773: wayland 1.12.0-1+deb9u1
 doc/errata/staging/wayland.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/446.html>