File _patchinfo of Package patchinfo
<patchinfo incident="150">
<packager>jluce2</packager>
<issue tracker="bnc" id="823410">Xvfb missing randr support</issue>
<issue tracker="bnc" id="815583">VUL-0: xorg-x11-server: X-server DoS</issue>
<category>security</category>
<rating>moderate</rating>
<summary>update for xorg-x11-server</summary>
<description>This xorg-x11-server update fixes a DoS vulnerability and
adds randr support.
- U_os-Reset-input-buffer-s-ignoreBytes-field.patch
* If a client sends a request larger than
maxBigRequestSize, the server is supposed to ignore it.
Before commit cf88363d, the server would simply
disconnect the client. After that commit, it attempts
to gracefully ignore the request by remembering how
long the client specified the request to be, and
ignoring that many bytes. However, if a client sends a
BigReq header with a large size and disconnects before
actually sending the rest of the specified request, the
server will reuse the ConnectionInput buffer without
resetting the ignoreBytes field. This makes the server
ignore new X clients' requests. This fixes that
behavior by resetting the ignoreBytes field when
putting the ConnectionInput buffer back on the
FreeInputs list. (bnc#815583)
- u_xserver_xvfb-randr.patch
* Add randr support to Xvfb (bnc#823410)</description>
</patchinfo>