Re: CVE Request: xorg-server and pixman

[Jamie Strandboge <jamie () canonical com>]

On 12/04/2013 01:09 AM, Murray McAllister wrote:
> On 12/04/2013 03:32 PM, Kurt Seifried wrote:
> > On 12/03/2013 10:54 AM, Jamie Strandboge wrote:
> >
> > > Hi,
> >
> > > This bug has been public since August but I could find a CVE for
> > > it: https://launchpad.net/bugs/1197921
> >
> > > There are two bugs - Xorg can be made to crash and pixman can
> > > trigger the aformentioned Xorg crash. A simplified reproducer is in
> > > the pixman patches with another reproducer in the Launchpad bug.
> > > The xorg
> >
> > > xorg-server - exa: only draw valid trapezoids The patch was
> > > submitted in October but doesn't seem to be applied yet, so I'm 
> > > CC'ing xorg_security. Patch references the pixman f.d.o bug, but
> > > doesn't seem to have an associated xorg bug. 
> > > http://patchwork.freedesktop.org/patch/14769/ 
> > > http://lists.x.org/archives/xorg-devel/2013-October/037996.html
> >
> > > Pixman - Corrupted CustomShape crashes Xorg 
> > > https://bugs.freedesktop.org/show_bug.cgi?id=67484 Patch: -
> > > 5e14da97f16e421d084a9e735be21b1025150f0c (fix) -
> > > 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case)
> >
> > > Thanks!
> >
> >
> > So only x.org crashes, you can trigger it via X.org, or via pixman? or
> > is pixman also crashing?
>
> From https://bugs.freedesktop.org/show_bug.cgi?id=67484 and
> http://patchwork.freedesktop.org/patch/14769/ it sounded like it would
> affect both 1) crash an application using pixman 2) crash the X server
>
> Is that correct?

AIUI, this is correct. See:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/comments/28

"No, it really is a bug in pixman too. I just fixed the same comparison that
happens in xorg-server, but pixman is still affected."


-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature