This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit 7017c22c2b5dcacc8e337029f7ed82f4bcafb819 Author: Nathan Kidd <nkidd@opentext.com> Date: Mon Mar 5 11:01:49 2018 +0100 Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185). commit cad5a1050b7184d828aef9c1dd151c3ab649d37e Author: Nathan Kidd <nkidd@opentext.com> Date: Fri Jan 9 09:57:23 2015 -0500 Unvalidated lengths v2: Add overflow check and remove unnecessary check (Julien Cristau) This addresses: CVE-2017-12184 in XINERAMA CVE-2017-12185 in MIT-SCREEN-SAVER CVE-2017-12186 in X-Resource CVE-2017-12187 in RENDER Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Nathan Kidd <nkidd@opentext.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> --- nx-X11/programs/Xserver/Xext/saver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c index 0b79a00..89eebd7 100644 --- a/nx-X11/programs/Xserver/Xext/saver.c +++ b/nx-X11/programs/Xserver/Xext/saver.c @@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client) PanoramiXRes *draw; int i; + REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq); + if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) return BadDrawable; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/nx-libs.git