Bug#906012: libxcursor: CVE-2015-9262

2018-09-02 Thread Bjoern
On 31/08/18 23:46, Julien Cristau wrote: Process questions are very much off-topic for this bug report, but... On 08/30/2018 09:43 AM, Bjoern wrote: As I am clearly unfamiliar with your processes, I really would appreciate the clarification to better my understanding and perhaps quell my concer

Bug#906012: libxcursor: CVE-2015-9262

2018-08-31 Thread Julien Cristau
Process questions are very much off-topic for this bug report, but... On 08/30/2018 09:43 AM, Bjoern wrote: > As I am clearly unfamiliar with your processes, I really would > appreciate the clarification to better my understanding and perhaps > quell my concerns: > >  * How far away is the 9.6 po

Bug#906012: libxcursor: CVE-2015-9262

2018-08-30 Thread Bjoern
On 27/08/18 18:22, Moritz Muehlenhoff wrote: On Mon, Aug 27, 2018 at 05:40:01PM +0800, Bjoern wrote: -- Begin Quote: -- From: Chris Lamb To: 906...@bugs.debian.org Cc: t...@security.debian.org Subject: Re: libxcursor: CVE-2015-9262 Date: Mon, 13 Aug 2018 08:18:27 +0100 [Mes

Bug#906012: libxcursor: CVE-2015-9262

2018-08-28 Thread Bjoern
On 27/08/18 18:22, Moritz Muehlenhoff wrote: On Mon, Aug 27, 2018 at 05:40:01PM +0800, Bjoern wrote: -- Begin Quote: -- From: Chris Lamb To: 906...@bugs.debian.org Cc: t...@security.debian.org Subject: Re: libxcursor: CVE-2015-9262 Date: Mon, 13 Aug 2018 08:18:27 +0100 [Mes

Bug#906012: libxcursor: CVE-2015-9262

2018-08-27 Thread Moritz Muehlenhoff
On Mon, Aug 27, 2018 at 05:40:01PM +0800, Bjoern wrote: > -- Begin Quote: -- > From: Chris Lamb > To: 906...@bugs.debian.org > Cc: t...@security.debian.org > Subject: Re: libxcursor: CVE-2015-9262 > Date: Mon, 13 Aug 2018 08:18:27 +0100 > > [Message part 1 (text/plain, inline)

Bug#906012: libxcursor: CVE-2015-9262

2018-08-27 Thread Bjoern
-- Begin Quote: -- From: Chris Lamb To: 906...@bugs.debian.org Cc: t...@security.debian.org Subject: Re: libxcursor: CVE-2015-9262 Date: Mon, 13 Aug 2018 08:18:27 +0100 [Message part 1 (text/plain, inline)] Hi security team, > libxcursor: CVE-2015-9262 I have prepared an u

Bug#906012: libxcursor: CVE-2015-9262

2018-08-14 Thread Chris Lamb
block 906012 by 906042 thanks Hi, > Looks fine, please upload to security-master: As discussed elsewhere we will not be doing a DSA for this. I've filed an s-p-u request as https://bugs.debian.org/906042. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org /

Bug#906012: libxcursor: CVE-2015-9262

2018-08-13 Thread Moritz Muehlenhoff
On Mon, Aug 13, 2018 at 08:18:27AM +0100, Chris Lamb wrote: > Hi security team, > > > libxcursor: CVE-2015-9262 > > I have prepared an update for stretch: > > libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high > >* Non-maintainer upload by the Security Team. >* Fix a denial

Bug#906012: libxcursor: CVE-2015-9262

2018-08-13 Thread Chris Lamb
Hi security team, > libxcursor: CVE-2015-9262 I have prepared an update for stretch: libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix a denial of service or potentially code execution via a one-byte heap overflow. (CV

Bug#906012: libxcursor: CVE-2015-9262

2018-08-13 Thread Chris Lamb
Package: libxcursor Version: 1:1.1.14-1+deb8u1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libxcursor. CVE-2015-9262[0]: | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows | remote attackers to cause