Re: CVE Request: xorg-server and pixman

[Murray McAllister <mmcallis () redhat com>]

On 12/04/2013 03:32 PM, Kurt Seifried wrote:
> On 12/03/2013 10:54 AM, Jamie Strandboge wrote:
>
> > Hi,
>
> > This bug has been public since August but I could find a CVE for
> > it: https://launchpad.net/bugs/1197921
>
> > There are two bugs - Xorg can be made to crash and pixman can
> > trigger the aformentioned Xorg crash. A simplified reproducer is in
> > the pixman patches with another reproducer in the Launchpad bug.
> > The xorg
>
> > xorg-server - exa: only draw valid trapezoids The patch was
> > submitted in October but doesn't seem to be applied yet, so I'm 
> > CC'ing xorg_security. Patch references the pixman f.d.o bug, but
> > doesn't seem to have an associated xorg bug. 
> > http://patchwork.freedesktop.org/patch/14769/ 
> > http://lists.x.org/archives/xorg-devel/2013-October/037996.html
>
> > Pixman - Corrupted CustomShape crashes Xorg 
> > https://bugs.freedesktop.org/show_bug.cgi?id=67484 Patch: -
> > 5e14da97f16e421d084a9e735be21b1025150f0c (fix) -
> > 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case)
>
> > Thanks!
>
>
> So only x.org crashes, you can trigger it via X.org, or via pixman? or
> is pixman also crashing?

> From https://bugs.freedesktop.org/show_bug.cgi?id=67484 and
http://patchwork.freedesktop.org/patch/14769/ it sounded like it would
affect both 1) crash an application using pixman 2) crash the X server

Is that correct?

--
Murray McAllister / Red Hat Security Response Team