From 7617936b6ec8893f24f2716b3f419b9143abc49c Mon Sep 17 00:00:00 2001 From: Fredrik Rinnestam Date: Fri, 31 Jul 2020 22:48:49 +0200 Subject: [PATCH] [notify] xorg-libx11: 1.6.10. Fix for CVE-2020-14344 X.Org security advisory: July 31, 2020 Heap corruption in the X input method client in libX11 ====================================================== CVE-2020-14344 The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method. --- xorg-libx11/.signature | 6 +++--- xorg-libx11/Pkgfile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xorg-libx11/.signature b/xorg-libx11/.signature index fb9895e8..6a4dc0d5 100644 --- a/xorg-libx11/.signature +++ b/xorg-libx11/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/xorg.pub -RWTSGWF5Q7TndJShL5nVQU+teNZL3HWRSEF3lEUM5vrdUrVpFdQNMPyGuru/ir2akC9Nl/BNrhVI2hZ4z986bBgyXhSgXK2SiQw= -SHA256 (Pkgfile) = 12e8fe843d6069bd190e015b0890aa59bcb4428625ea7b98f71c903dc347d4b6 +RWTSGWF5Q7TndP5QnMnd3Bc3AYuxunpA7/co8XQG1Uqr2Yu5rHi9aAXA4Xt8x5f5f2Gh09v9+xqjIqxRIOlcRplN6o+o9TffAA8= +SHA256 (Pkgfile) = ec42db901f6c6e501c12a1b4cfcb2d011480dd91f92fae24334590829a9c5dd5 SHA256 (.footprint) = ccb5120a2b76cd91ac3aa131a2de98674a22f34e0c7197ad2d98e41cb78f8775 -SHA256 (libX11-1.6.9.tar.bz2) = 9cc7e8d000d6193fa5af580d50d689380b8287052270f5bb26a5fb6b58b2bed1 +SHA256 (libX11-1.6.10.tar.bz2) = af48626989b8515c994777896bd7b7ba2bd5b1ef4e1efaee0a55d8852bbe6226 diff --git a/xorg-libx11/Pkgfile b/xorg-libx11/Pkgfile index 67e1a96b..5ceabac9 100644 --- a/xorg-libx11/Pkgfile +++ b/xorg-libx11/Pkgfile @@ -4,7 +4,7 @@ # Depends on: xorg-libxcb xorg-xtrans name=xorg-libx11 -version=1.6.9 +version=1.6.10 release=1 source=(https://www.x.org/releases/individual/lib/libX11-$version.tar.bz2)