[crux-commits] ports/xorg (3.6): [notify] xorg-libx11: 1.6.10. Fix for CVE-2020-14344

crux at crux.nu crux at crux.nu
Fri Jul 31 20:52:18 UTC 2020


commit 7617936b6ec8893f24f2716b3f419b9143abc49c
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Fri Jul 31 22:48:49 2020 +0200

    [notify] xorg-libx11: 1.6.10. Fix for CVE-2020-14344
    
    X.Org security advisory: July 31, 2020
    
    Heap corruption in the X input method client in libX11
    ======================================================
    
    CVE-2020-14344
    
    The X Input Method (XIM) client implementation in libX11 has some
    integer overflows and signed/unsigned comparison issues that can lead
    to heap corruption when handling malformed messages from an input
    method.

diff --git a/xorg-libx11/.signature b/xorg-libx11/.signature
index fb9895e8..6a4dc0d5 100644
--- a/xorg-libx11/.signature
+++ b/xorg-libx11/.signature
@@ -1,5 +1,5 @@
 untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndJShL5nVQU+teNZL3HWRSEF3lEUM5vrdUrVpFdQNMPyGuru/ir2akC9Nl/BNrhVI2hZ4z986bBgyXhSgXK2SiQw=
-SHA256 (Pkgfile) = 12e8fe843d6069bd190e015b0890aa59bcb4428625ea7b98f71c903dc347d4b6
+RWTSGWF5Q7TndP5QnMnd3Bc3AYuxunpA7/co8XQG1Uqr2Yu5rHi9aAXA4Xt8x5f5f2Gh09v9+xqjIqxRIOlcRplN6o+o9TffAA8=
+SHA256 (Pkgfile) = ec42db901f6c6e501c12a1b4cfcb2d011480dd91f92fae24334590829a9c5dd5
 SHA256 (.footprint) = ccb5120a2b76cd91ac3aa131a2de98674a22f34e0c7197ad2d98e41cb78f8775
-SHA256 (libX11-1.6.9.tar.bz2) = 9cc7e8d000d6193fa5af580d50d689380b8287052270f5bb26a5fb6b58b2bed1
+SHA256 (libX11-1.6.10.tar.bz2) = af48626989b8515c994777896bd7b7ba2bd5b1ef4e1efaee0a55d8852bbe6226
diff --git a/xorg-libx11/Pkgfile b/xorg-libx11/Pkgfile
index 67e1a96b..5ceabac9 100644
--- a/xorg-libx11/Pkgfile
+++ b/xorg-libx11/Pkgfile
@@ -4,7 +4,7 @@
 # Depends on: xorg-libxcb xorg-xtrans
 
 name=xorg-libx11
-version=1.6.9
+version=1.6.10
 release=1
 source=(https://www.x.org/releases/individual/lib/libX11-$version.tar.bz2)
 


More information about the crux-commits mailing list