[Bug 1212935] Re: Sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

Robert Hooker sarvatt at gmail.com
Fri Aug 16 04:36:17 UTC 2013 

Marking this invalid,   * Add a breaks to xorg-server 1.13 and old
unity. is still needed until 14.04.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1212935

Title:
  Sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

Status in “libxi” package in Ubuntu:
  Invalid

Bug description:
  Please sync libxi 2:1.7.2-1 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    [ Maarten Lankhorst ]
    * Merge from debian-unstable.
    * Add a breaks to xorg-server 1.13 and old unity.
    * SECURITY UPDATE: denial of service and possible code execution via
      incorrect memory size calculations
      - debian/patches/CVE-2013-1984.patch: fix multiple integer overflows.
      - CVE-2013-1984
    * SECURITY UPDATE: denial of service and possible code execution via
      incorrect memory size calculations from signedness issues
      - debian/patches/CVE-2013-1995.patch: fix signedness issues in
        src/XListDev.c.
      - CVE-2013-1995
    * SECURITY UPDATE: denial of service and possible code execution via
      incorrect length and bounds checking
      - debian/patches/CVE-2013-1998.patch: properly check lengths and
        indexes in src/XGetBMap.c, src/XIPassiveGrab.c, src/XQueryDv.c.
      - CVE-2013-1998
    * revert-xi2.3.diff: Change .pc file to set version back to 1.6.1, to avoid
      tricking module checks of reverse dependencies into thinking that the
      installed libxi supports pointer barrier events. Fixes mutter FTBFS.
    * revert support for the new pointer barrier events for now, until
      the rest of the stack is ready.
    * Sync from unreleased debian git.
      - new upstream release
    * New upstream release.
    * control: Bump policy to 3.9.4, no changes.
    * add-missing-xi_rawtouch.diff: Upstream commit to add XI_RawTouch in
      XInputCopyCookie.
    * control: Bump x11proto-input-dev build-dep to 2.2.99.1.
    * libxi6.symbols: Added new symbols.

  
  The SECURITY UPDATES are all upstream in the newer version, the previous updates were fixes because of the pointer barriers api changes that are no longer needed. All of the rest of the changes are in debian now.

  Changelog entries since current saucy version 2:1.7.1.901-1ubuntu1:

  libxi (2:1.7.2-1) unstable; urgency=low

    * New upstream release.

   -- Julien Cristau <jcristau at debian.org>  Mon, 12 Aug 2013 18:46:14
  +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/1212935/+subscriptions

More information about the Ubuntu-sponsors mailing list