Bug 172752

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) 2007-03-30 06:32:25 UTC

x11 please advise.

Comment 2 Donnie Berkholz (RETIRED) 2007-03-30 07:39:41 UTC

Quoting from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045;msg=85 -- in particular, see the end of this quote for security relevance.

"For both the broken.xwd and broken2.xwd files in bug #414045,
the offending operation is in libx11-1.0.3/src/ImUtil.c:505
   dst++ = *src++;
and in fact it's the src pointer that is out of range.
This suggests it's "only" a DOS problem, or at worst an
information leak problem, but no direct exploit is possible."

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) 2007-03-30 07:50:42 UTC

I'm not sure of the severity but RH states integer overflow and the bug with the patch is restricted (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231694)

Should we just put it as upstream until more information becomes available (ie. CVE id)?

Comment 4 Donnie Berkholz (RETIRED) 2007-03-30 17:08:13 UTC

(In reply to comment #3)
> Should we just put it as upstream until more information becomes available (ie.
> CVE id)?

Sure, if you want. But there seems to be a CVE ID in the subject already..

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) 2007-03-30 19:52:41 UTC

Donnie if you're eager to commit just go ahead, I was just being cautious :)

Though CVE ids can be both rejected and contested, so the id in itself doesn't guarantee anything other than giving a common naming system across vendors.

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) 2007-04-04 06:39:42 UTC

Redhat issued an errata here (this also covers the issues from bug #172575):

http://rhn.redhat.com/errata/RHSA-2007-0125.html

Comment 7 Donnie Berkholz (RETIRED) 2007-04-05 07:02:01 UTC

Arches need to stable x11-libs/libX11-1.0.3-r2 or libX11-1.1.1-r1, at their option.

libX11-1.1.1-r1.ebuild was recently introduced into ~x86 to do nothing different but additionally apply this patch:

xorg-libX11-1.1.1-xinitimage.diff

The cvs comment for the change refers to the number of this bug.

I had to downdrade to libX11-1.1.1 because this change causes opera
to segfault. I recommend *not* stablizing this change.

Comment 9 Donnie Berkholz (RETIRED) 2007-04-05 22:50:15 UTC

Perhaps this should block on bug #173505.

Comment 10 Sune Kloppenborg Jeppesen (RETIRED) 2007-04-11 10:28:58 UTC

As far as I can see from that bug it's a bug in the client application and not in the patch itself so I suppose we can start marking this one stable. Donnie what do you say?

Comment 11 Donnie Berkholz (RETIRED) 2007-04-11 18:15:12 UTC

(In reply to comment #10)
> As far as I can see from that bug it's a bug in the client application and not
> in the patch itself so I suppose we can start marking this one stable. Donnie
> what do you say?

Agreed.

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) 2007-04-11 19:39:49 UTC

Arches please test and mark stable. Target keywords are:

libX11-1.1.1-r1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

Comment 13 Markus Rothe (RETIRED) 2007-04-11 20:22:51 UTC

stable on ppc64:

dev-libs/libpthread-stubs-0.1
x11-proto/xcb-proto-1.0
x11-libs/libxcb-1.0
x11-libs/libX11-1.1.1-r1

Comment 14 Peter Weller (RETIRED) 2007-04-11 20:34:47 UTC

ditto on amd64

Comment 15 Raúl Porcel (RETIRED) 2007-04-11 20:40:08 UTC

stable on ia64:

x11-proto/xcb-proto-1.0
x11-libs/libxcb-1.0

stable on x86 + ia64:
x11-libs/libX11-1.1.1-r1

Comment 16 Jeroen Roovers (RETIRED) 2007-04-11 21:06:17 UTC

Stable for HPPA.

Comment 17 Gustavo Zacarias (RETIRED) 2007-04-12 19:46:41 UTC

sparc stable.

Comment 18 Tobias Scherbaum (RETIRED) 2007-04-13 15:43:05 UTC

ppc stable

Comment 19 Jose Luis Rivero (yoswink) (RETIRED) 2007-04-18 10:52:28 UTC

alpha done

Comment 20 Raphael Marichez (Falco) (RETIRED) 2007-05-05 23:11:34 UTC

GLSA 200705-06, thanks everybody

Comment 21 Joshua Kinard 2007-11-20 05:35:26 UTC

1.1.2 is stable for us (at some point)