Hi security team,

> libxcursor: CVE-2015-9262

I have prepared an update for stretch:

  libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high

   * Non-maintainer upload by the Security Team.
   * Fix a denial of service or potentially code execution via
     a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)

  -- Chris Lamb <la...@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200


Full debdiff attached. Permission to upload to stretch-security?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
diffstat for libxcursor_1.1.14-1+deb9u1 libxcursor_1.1.14-1+deb9u2

 debian/patches/CVE-2015-9262.patch      |   23 +++++++++++++++++++++++
 libxcursor-1.1.14/debian/changelog      |    8 ++++++++
 libxcursor-1.1.14/debian/patches/series |    1 +
 3 files changed, 32 insertions(+)

diff -u libxcursor-1.1.14/debian/changelog libxcursor-1.1.14/debian/changelog
--- libxcursor-1.1.14/debian/changelog
+++ libxcursor-1.1.14/debian/changelog
@@ -1,3 +1,11 @@
+libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix a denial of service or potentially code execution via
+    a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)
+
+ -- Chris Lamb <la...@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200
+
 libxcursor (1:1.1.14-1+deb9u1) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
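Review bot: the second bullet of the new changelog entry ends in `Closes: #906012)` with a closing parenthesis that has no opening one. Suggest `(CVE-2015-9262) (Closes: #906012)` so both references are bracketed the same way. The wording "potentially code execution" would also read better as "potential code execution".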
diff -u libxcursor-1.1.14/debian/patches/series 
libxcursor-1.1.14/debian/patches/series
--- libxcursor-1.1.14/debian/patches/series
+++ libxcursor-1.1.14/debian/patches/series
@@ -1 +1,2 @@
+CVE-2015-9262.patch
 Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch
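Review bot: `CVE-2015-9262.patch` is inserted above the existing `Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch` entry rather than appended below it, so quilt applies the new patch first and the older one on top of it. If the older patch also touches `src/library.c`, it may now apply with offsets or need a refresh. Appending the new entry at the end of `series` keeps the already-released patch applying against the same tree as in deb9u1.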
only in patch2:
unchanged:
--- libxcursor-1.1.14.orig/debian/patches/CVE-2015-9262.patch
+++ libxcursor-1.1.14/debian/patches/CVE-2015-9262.patch
@@ -0,0 +1,23 @@
+commit 897213f36baf6926daf6d192c709cf627aa5fd05
+Author: shubham shrivastav <shubham...@samsung.com>
+Date:   Fri Jun 5 13:36:22 2015 -0700
+
+    Insufficient memory for terminating null of string in _XcursorThemeInherits
+
+    Fix does one byte of memory allocation for null termination of string.
+    https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+    Reviewed-by: Keith Packard <kei...@keithp.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
+
+--- libxcursor-1.1.14.orig/src/library.c
++++ libxcursor-1.1.14/src/library.c
+@@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
+               if (*l != '=') continue;
+               l++;
+               while (*l == ' ') l++;
+-              result = malloc (strlen (l));
++              result = malloc (strlen (l) + 1);
+               if (result)
+               {
+                   r = result;
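Review bot: the embedded patch keeps the upstream git header (commit 897213f3..., freedesktop bug 90857) but has no DEP-3 fields tying it to the Debian side. Consider adding `Origin:` with the upstream commit and `Bug-Debian: https://bugs.debian.org/906012` above the diff. On the code change itself, the `+ 1` in `malloc (strlen (l) + 1)` covers the terminating NUL, but the loop that writes through `r` falls outside the visible context, so it is worth confirming against the full function that it stores at most `strlen (l)` bytes before the terminator.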
