[Secure-testing-team] Bug#889681: wayland: CVE-2017-16612
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 5 19:48:56 UTC 2018
Source: wayland
Version: 1.6.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=103961
Hi,
the following vulnerability was published for wayland.
CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
| to heap buffer overflows when processing malicious cursors, e.g., with
| programs like GIMP. It is also possible that an attack vector exists
| against the related code in cursor/xcursor.c in Wayland through
| 1.14.0.
Note, I asked MITRE for advice on whether the CVE should apply as well to
wayland, leading to the above updated description.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-16612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
[1] https://bugs.freedesktop.org/show_bug.cgi?id=103961
[2] https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
[3] https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore