[ANNOUNCE] xorg-server 1.19.5

Adam Jackson ajax at redhat.com
Thu Oct 12 17:34:07 UTC 2017


One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-
12176 through 2017-12187. C is a terrible language, please stop writing
code in it.

Adam Jackson (2):
      Revert "xf86-video-modesetting: Add ms_queue_vblank helper [v3]"
      xserver 1.19.5

Michal Srb (1):
      os: Make sure big requests have sufficient length.

Nathan Kidd (7):
      Unvalidated lengths
      xfixes: unvalidated lengths (CVE-2017-12183)
      hw/xfree86: unvalidated lengths
      Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer
      Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
      dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
      Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)

git tag: xorg-server-1.19.5

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.5.tar.bz2
MD5:  4ac6feeae6790436ce9de879ca9a3bf8  xorg-server-1.19.5.tar.bz2
SHA1: 307d3405f709f7e41966c850b37deefe7f83eb9b  xorg-server-1.19.5.tar.bz2
SHA256: 18fffa8eb93d06d2800d06321fc0df4d357684d8d714315a66d8dfa7df251447  xorg-server-1.19.5.tar.bz2
SHA512: 928dea5850b98cd815004cfa133eca23cfa9521920c934c68a92787f2cae13cca1534eee772a4fb74b8ae8cb92662b5d68b95b834c8aa8ec57cd57cb4e5dd45c  xorg-server-1.19.5.tar.bz2
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.5.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.5.tar.gz
MD5:  97ab05c006718d6d484e4e5fe1aec534  xorg-server-1.19.5.tar.gz
SHA1: 842cc1fbc26887698a70c6ad538bb07fa94b0130  xorg-server-1.19.5.tar.gz
SHA256: 1818068b6b86387ee0e392cbe28208ff949d253a1611d17bf2908961f3669b1c  xorg-server-1.19.5.tar.gz
SHA512: 34f10c22bc7e003245c423288c495ef98707d7ba23ff4207d6dfde32e917fd752acc285e65da39805e74cfa275a655b1b0bf07bb5d2bc82a773854a17bc81ded  xorg-server-1.19.5.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.5.tar.gz.sig

- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part
URL: <https://lists.x.org/archives/xorg-devel/attachments/20171012/9e73945c/attachment-0001.sig>


More information about the xorg-devel mailing list