1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
PublicDateAtUSN: 2013-05-23 15:00:00 UTC
Candidate: CVE-2013-2000
CRD: 2013-05-23 15:00:00 UTC
PublicDate: 2013-06-15
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://www.debian.org/security/2013/dsa-2690
http://www.ubuntu.com/usn/usn-1869-1
Description:
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X
servers to cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the (1) XDGAQueryModes and (2)
XDGASetMode functions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilja van Sprundel
Assigned-to: mdeslaur
Patches_libxxf86dga:
upstream: http://cgit.freedesktop.org/xorg/lib/libXxf86dga/commit/?id=5dcfa6a8cf2df39828da733e5945e730518c27b3 (1/2)
upstream: http://cgit.freedesktop.org/xorg/lib/libXxf86dga/commit/?id=b69d6d51a82b1d1e8c68a233360acb742c879375 (2/2)
upstream_libxxf86dga: pending (1.1.4)
lucid_libxxf86dga: ignored (reached end-of-life)
precise_libxxf86dga: released (2:1.1.2-1ubuntu0.1)
quantal_libxxf86dga: released (2:1.1.3-2ubuntu0.12.10.1)
raring_libxxf86dga: released (2:1.1.3-2ubuntu0.13.04.1)
devel_libxxf86dga: not-affected (2:1.1.3-2+deb7u1)
|