~thopiekar/xorg-server/+git/xorg-xserver:xorg-server-1.2-apple

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

02756b6... by Jeremy Sequoia on 2008-08-21

Re-added LSBackgroundOnly which got removed from the plist

c5c67b4... by Jeremy Sequoia on 2008-07-23

1.3.0-apple22

b919376... by Jeremy Sequoia on 2008-07-23

Moved the 1.3 server to use the same xtrans changes as the 1.4 branch.

b337387... by Jeremy Sequoia on 2008-06-11

1.3.0-apple21

89ef982... by Jeremy Sequoia on 2008-06-11

Merge branch 'server-1.3-branch' into xorg-server-1.2-apple

f912b5c... by Matthieu Herrb on 2008-06-08

CVE-2008-2360 - RENDER Extension heap buffer overflow

An integer overflow may occur in the computation of the size of the
glyph to be allocated by the AllocateGlyph() function which will cause
less memory to be allocated than expected, leading to later heap
overflow.

On systems where the X SIGSEGV handler includes a stack trace, more
malloc()-type functions are called, which may lead to other
exploitable issues.
(cherry picked from commit b1a4a96885bf191d5f4afcfb2b41a88631b8412b)

ea62dfc... by Matthieu Herrb on 2008-06-08

CVE-2008-2360 - RENDER Extension heap buffer overflow

An integer overflow may occur in the computation of the size of the
glyph to be allocated by the AllocateGlyph() function which will cause
less memory to be allocated than expected, leading to later heap
overflow.

On systems where the X SIGSEGV handler includes a stack trace, more
malloc()-type functions are called, which may lead to other
exploitable issues.
(cherry picked from commit b1a4a96885bf191d5f4afcfb2b41a88631b8412b)

6d0a0a6... by Matthieu Herrb on 2008-06-10

CVE-2008-2362 - RENDER Extension memory corruption

Integer overflows can occur in the code validating the parameters for
the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient
and SProcRenderCreateConicalGradient functions, leading to memory
corruption by swapping bytes outside of the intended request
parameters.
(cherry picked from commit 9171206db349a0c6fda719746be0b15049d57aaa)

87e9419... by Matthieu Herrb on 2008-06-10

CVE-2008-2361 - RENDER Extension crash

An integer overflow may occur in the computation of the size of the
glyph to be allocated by the ProcRenderCreateCursor() function which
will cause less memory to be allocated than expected, leading later to
dereferencing un-mapped memory, causing a crash of the X server.
(cherry picked from commit 5257a0f83d5f3d80d0cd44dd76d047bac3869592)

b0a9b42... by Matthieu Herrb on 2008-06-10

CVE-2008-1379 - MIT-SHM arbitrary memory read

An integer overflow in the validation of the parameters of the
ShmPutImage() request makes it possible to trigger the copy of
arbitrary server memory to a pixmap that can subsequently be read by
the client, to read arbitrary parts of the X server memory space.
(cherry picked from commit 063f18ef6d7bf834225ddfd3527e58c078628f5f)