1
0

- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch

* DeepCopyPointerClasses use-after-free (CVE-2023-0494, 
    ZDI-CAN-19596, bsc#1207783)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=851
This commit is contained in:
Stefan Dirsch 2023-02-07 02:58:41 +00:00 committed by Git OBS Bridge
parent 130596bd3a
commit ac6d09dc19
3 changed files with 30 additions and 0 deletions

View File

@ -0,0 +1,20 @@
@@ -, +, @@
DeepCopyPointerClasses
---
Xi/exevents.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/Xi/exevents.c
+++ a/Xi/exevents.c
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
- else
+ else {
free(to->button->xkb_acts);
+ to->button->xkb_acts = NULL;
+ }
memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));
--

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Feb 1 10:18:32 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
* DeepCopyPointerClasses use-after-free (CVE-2023-0494,
ZDI-CAN-19596, bsc#1207783)
-------------------------------------------------------------------
Wed Jan 25 16:02:23 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>

View File

@ -243,6 +243,8 @@ Patch1940: U_xephyr-Don-t-check-for-SeatId-anymore.patch
Patch1960: u_sync-pci-ids-with-Mesa.patch
Patch1207783: U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
%description
This package contains the X.Org Server.
@ -401,6 +403,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch1930 -p1
%patch1940 -p1
%patch1960 -p1
%patch1207783 -p1
%build
# We have some -z now related errors during X default startup (boo#1197994):