From ${URL} :

A divide-by-zero flaw was found in the way the X.Org server calculated the height of certain images. A malicious, authenticated client could use this flaw to crash the X.Org server.

According to http://seclists.org/oss-sec/2015/q2/275 , this was introduced by the fix for the CVE-2014-8092 issue.

Upstream patch: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This issue obviously does not affect our latest stable xorg but only 1.12.4-r4. You can choose between:
1) Patch and stabilize 1.12
2) Remove 1.12
The fix has now been committed to the tree. The only stable version of xorg-server which was ever affected by this bug is 1.12.4-r4.
Arches, please stabilize x11-base/xorg-server-1.12.4-r5
amd64 stable
x86 stable
(In reply to Agostino Sarubbo from comment #4)
> amd64 stable

No.

(In reply to Agostino Sarubbo from comment #5)
> x86 stable

No.

Stable for PPC64.
arm stable
sparc stable
ppc stable
alpha stable
CVE-2015-3418 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3418):
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** TEMPORARY ** A divide-by-zero flaw was found in the way the X.Org server calculated the height of certain images. A malicious, authenticated client could use this flaw to crash the X.Org server.
ia64 stable
All arches are done. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Cleanup done.
This issue was resolved and addressed in GLSA 201701-64 at https://security.gentoo.org/glsa/201701-64 by GLSA coordinator Thomas Deutschmann (whissi).