ports/xorg (3.5): [notify] xorg-libx11: 1.6.10. Fix for CVE-2020-14344
commit 7617936b6ec8893f24f2716b3f419b9143abc49c Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Fri Jul 31 22:48:49 2020 +0200 [notify] xorg-libx11: 1.6.10. Fix for CVE-2020-14344 X.Org security advisory: July 31, 2020 Heap corruption in the X input method client in libX11 ====================================================== CVE-2020-14344 The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method. diff --git a/xorg-libx11/.signature b/xorg-libx11/.signature index fb9895e8..6a4dc0d5 100644 --- a/xorg-libx11/.signature +++ b/xorg-libx11/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/xorg.pub -RWTSGWF5Q7TndJShL5nVQU+teNZL3HWRSEF3lEUM5vrdUrVpFdQNMPyGuru/ir2akC9Nl/BNrhVI2hZ4z986bBgyXhSgXK2SiQw= -SHA256 (Pkgfile) = 12e8fe843d6069bd190e015b0890aa59bcb4428625ea7b98f71c903dc347d4b6 +RWTSGWF5Q7TndP5QnMnd3Bc3AYuxunpA7/co8XQG1Uqr2Yu5rHi9aAXA4Xt8x5f5f2Gh09v9+xqjIqxRIOlcRplN6o+o9TffAA8= +SHA256 (Pkgfile) = ec42db901f6c6e501c12a1b4cfcb2d011480dd91f92fae24334590829a9c5dd5 SHA256 (.footprint) = ccb5120a2b76cd91ac3aa131a2de98674a22f34e0c7197ad2d98e41cb78f8775 -SHA256 (libX11-1.6.9.tar.bz2) = 9cc7e8d000d6193fa5af580d50d689380b8287052270f5bb26a5fb6b58b2bed1 +SHA256 (libX11-1.6.10.tar.bz2) = af48626989b8515c994777896bd7b7ba2bd5b1ef4e1efaee0a55d8852bbe6226 diff --git a/xorg-libx11/Pkgfile b/xorg-libx11/Pkgfile index 67e1a96b..5ceabac9 100644 --- a/xorg-libx11/Pkgfile +++ b/xorg-libx11/Pkgfile @@ -4,7 +4,7 @@ # Depends on: xorg-libxcb xorg-xtrans name=xorg-libx11 -version=1.6.9 +version=1.6.10 release=1 source=(https://www.x.org/releases/individual/lib/libX11-$version.tar.bz2)
participants (1)
-
crux@crux.nu