On Sat, Feb 18, 2012 at 23:55:34 +0100, Michael Karcher wrote: > libXi can cause heap corruption if it receices unknown device classes > in input devices, as it does not allocate any space to unknown classes, > yet it stores type and ID information of that class. If the unknown classes > are at the end of the list, 8 bytes following the allocated class info > block are corrupted. > > This behaviour is observable with current X servers in experimental. As > heap corruption is a security problem (malign X servers could try to exploit > client code using Xinput2), fixing this bug might be eligible for a stable > update. > > Commit > http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=635c2c029b1e73311c3f650bcaf7eeb9e782134b > fixes the problem and applies (with offset and fuzz, though). > Can you please verify that this is fixed in 2:1.3-7, currently in proposed-updates?
Cheers, Julien
signature.asc
Description: Digital signature
