libx11: CVE-2016-7942 CVE-2016-7943

Related Vulnerabilities: CVE-2016-7942   CVE-2016-7943  

Debian Bug report logs - #840439
libx11: CVE-2016-7942 CVE-2016-7943

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 11 Oct 2016 15:33:04 UTC

Severity: important

Tags: patch, security, upstream

Found in version libx11/2:1.6.2-3

Fixed in version libx11/2:1.6.4-1

Done: Emilio Pozuelo Monfort <pochu@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#840439; Package src:libx11. (Tue, 11 Oct 2016 15:33:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>. (Tue, 11 Oct 2016 15:33:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libx11: CVE-2016-7942 CVE-2016-7943
Date: Tue, 11 Oct 2016 17:32:16 +0200
Source: libx11
Version: 2:1.6.2-3
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libx11.

CVE-2016-7942[0], CVE-2016-7943[1].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7942
[1] https://security-tracker.debian.org/tracker/CVE-2016-7943

Regards,
Salvatore



Added tag(s) pending. Request was from Andreas Boll <andreas.boll.dev@gmail.com> to control@bugs.debian.org. (Tue, 25 Oct 2016 10:15:08 GMT).


Reply sent to Emilio Pozuelo Monfort <pochu@debian.org>:
You have taken responsibility. (Tue, 06 Dec 2016 00:51:04 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 06 Dec 2016 00:51:04 GMT).


Message #12 received at 840439-close@bugs.debian.org:

From: Emilio Pozuelo Monfort <pochu@debian.org>
To: 840439-close@bugs.debian.org
Subject: Bug#840439: fixed in libx11 2:1.6.4-1
Date: Tue, 06 Dec 2016 00:49:52 +0000
Source: libx11
Source-Version: 2:1.6.4-1

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 06 Dec 2016 01:38:30 +0100
Source: libx11
Binary: libx11-6 libx11-6-udeb libx11-data libx11-dev libx11-xcb1 libx11-xcb-dev libx11-doc
Architecture: source
Version: 2:1.6.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libx11-6   - X11 client-side library
 libx11-6-udeb - X11 client-side library (udeb)
 libx11-data - X11 client-side library
 libx11-dev - X11 client-side library (development headers)
 libx11-doc - X11 client-side library (development documentation)
 libx11-xcb-dev - Xlib/XCB interface library (development headers)
 libx11-xcb1 - Xlib/XCB interface library
Closes: 840439
Changes:
 libx11 (2:1.6.4-1) unstable; urgency=medium
 .
   [ Andreas Boll ]
   * New upstream release.
     - Fixes CVE-2016-7942 and CVE-2016-7943 (Closes: #840439).
   * Bump libxcb1-dev build-dep to 1.11.1 per configure.ac.
   * Update a bunch of URLs in packaging to https.
 .
   [ Julien Cristau ]
   * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
 .
   [ Emilio Pozuelo Monfort ]
   * Cherry-pick upstream commit 20a3f99 to plug a memory leak in the
     security fix.
   * Bump debhelper compat to 10.
   * Switch from old debhelper to dh.
   * Drop workaround for old tarballs not shipping some files.
   * Switch to -dbgsym packages.
   * Bump Standards-Version to 3.9.8, no changes.
   * Drop libtool and automake build dependencies, debhelper takes
     care of that for us now.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 09:16:00 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:31:41 2019; Machine Name: beach
