oss-sec mailing list archives

Re: X.Org server security advisory: August 25, 2020

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 25 Aug 2020 12:22:35 -0700

On 8/25/20 8:37 AM, Matthieu Herrb wrote:

* CVE-2020-1436 / ZDI CAN 11574 XRecordRegisterClients Integer Underflow

An integer underflow exist in the handler for the CreateRegister
request of the X record extension.


This entry was missing a digit in the CVE id, the correct id was listed
in the later half:

commit 24acad216aa0fc2ac451c67b2b86db057a032050

     Fix XRecordRegisterClients() Integer underflow

     CVE-2020-14362 ZDI-CAN-11574


These advisories have also now been published on the X.Org security page at
https://www.x.org/wiki/Development/Security/

--
        -Alan Coopersmith-              alan.coopersmith () oracle com
          X.Org Security Response Team - xorg-security () lists x org

Current thread:

X.Org server security advisory: August 25, 2020 Matthieu Herrb (Aug 25)
- Re: X.Org server security advisory: August 25, 2020 Alan Coopersmith (Aug 25)