Description: "The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method."
"libX11 1.6.10 will be released shortly and will include those patches." Bump when ready, thanks!
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8d6ca4533b82ae5ba111fa3306fde5503e458b6
commit a8d6ca4533b82ae5ba111fa3306fde5503e458b6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2020-07-31 19:38:49 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2020-07-31 19:42:14 +0000
    x11-libs/libX11: Version bump to 1.6.10
    Bug: https://bugs.gentoo.org/734974
    Signed-off-by: Matt Turner <mattst88@gentoo.org>
 x11-libs/libX11/Manifest             |  1 +
 x11-libs/libX11/libX11-1.6.10.ebuild | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
Thanks. Tell us when ready to stable.
Unable to check for sanity:
> no match for package: dev-libs/libX11-1.6.10
1.6.11 will be released this week with a fix for the blocking bug. We'll stabilize that instead.
(In reply to Matt Turner from comment #5)
> 1.6.11 will be released this week with a fix for the blocking bug. We'll
> stabilize that instead.
Thanks.
amd64 stable
sparc stable
hppa stable
arm done
arm64 done
x86 done
s390 stable
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
This issue was resolved and addressed in GLSA 202008-18 at https://security.gentoo.org/glsa/202008-18 by GLSA coordinator Sam James (sam_c).