[crux-commits] ports/xorg (3.5): [notify] xorg-libx11: updated to 1.6.12. Fix for CVE-2020-14363

crux at crux.nu crux at crux.nu
Tue Aug 25 18:11:35 UTC 2020


commit 2e1f3734042599a1359f14b4dcee310ed4e15942
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Tue Aug 25 20:11:00 2020 +0200

    [notify] xorg-libx11: updated to 1.6.12. Fix for CVE-2020-14363
    
    Double free in libX11 locale handling code
    ==========================================
    
    CVE-2020-14363
    
    There is an integer overflow and a double free vulnerability in the way
    LibX11 handles locales. The integer overflow is a necessary precursor to
    the double free.

diff --git a/xorg-libx11/.signature b/xorg-libx11/.signature
index e5c23d8e..a8d01ada 100644
--- a/xorg-libx11/.signature
+++ b/xorg-libx11/.signature
@@ -1,5 +1,5 @@
 untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndKE5Nbm9SeX2jxajU5/N+KlDnCCg12u9OimkGo/jLPzBtjwABBWr0raA3OOCaUAmJrPiSijHEBH0DnlYnb6bLwE=
-SHA256 (Pkgfile) = 8db505225ffa207e5f19485bb635d535300125ee46aa4d15554a0c2955edbca5
+RWTSGWF5Q7TndN2s1eFlxBrWh22uhpm2CDBJnZ+CRRAljQlQ4F8ce8Qna2gJZLBGr6I7UI95iF4U6L1jJWwat5Bn8YkaBTK2aA4=
+SHA256 (Pkgfile) = 83a4996fb7bca76974ab582adcb374f0983fd31a0528d53393e1fd47fdcb0870
 SHA256 (.footprint) = ccb5120a2b76cd91ac3aa131a2de98674a22f34e0c7197ad2d98e41cb78f8775
-SHA256 (libX11-1.6.11.tar.bz2) = b1cc4b802058be7e3fb438ee2490f66fcc52ac3b2a14f47a22cbf77638e33606
+SHA256 (libX11-1.6.12.tar.bz2) = f108227469419ac04d196df0f3b80ce1f7f65059bb54c0de811f4d8e03fd6ec7
diff --git a/xorg-libx11/Pkgfile b/xorg-libx11/Pkgfile
index a108c05c..f102ae38 100644
--- a/xorg-libx11/Pkgfile
+++ b/xorg-libx11/Pkgfile
@@ -4,7 +4,7 @@
 # Depends on: xorg-libxcb xorg-xtrans
 
 name=xorg-libx11
-version=1.6.11
+version=1.6.12
 release=1
 source=(https://www.x.org/releases/individual/lib/libX11-$version.tar.bz2)
 


More information about the crux-commits mailing list