libX11 1.8.6, including fix for CVE-2023-3138 (!212) · Merge requests · xorg / lib / libX11

Alan Coopersmith requested to merge alanc/libx11:XE into master Jun 15, 2023

Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure.

Reported-by: Gregory James DUCK gjduck@gmail.com Signed-off-by: Alan Coopersmith alan.coopersmith@oracle.com

Admin message

libX11 1.8.6, including fix for CVE-2023-3138

Merge request reports