Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8] | Adam Jackson | 2015-02-14 | 1 | -5/+14 |
| | | | | | | | | | | | | | | | | | | | | | | v2: Fix single versus vendor-private length checking for ARB_imaging subset extensions. (Julien Cristau) v3: Fix single versus vendor-private length checking for ARB_imaging subset extensions. (Julien Cristau) v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com> fix safe_Add | ||||
* | glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6] | Adam Jackson | 2015-02-14 | 1 | -7/+7 |
| | | | | | | | | | | | | | | | | | | Before this we'd just clamp the image size to 0, which was just hideously stupid; if the parameters were such that they'd overflow an integer, you'd allocate a small buffer, then pass huge values into (say) ReadPixels, and now you're scribbling over arbitrary server memory. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com> | ||||
* | Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1 | Reinhard Tartler | 2011-10-10 | 1 | -0/+462 |
Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository |