From 98e3af04b61fa29d7a98a16585c86aa34ed72c25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 28 Nov 2017 20:59:59 +0100 Subject: [PATCH] xorg.libXcursor: security 1.1.14 -> 1.1.15 Fix heap overflows when parsing malicious files. (CVE-2017-16612) --- pkgs/servers/x11/xorg/default.nix | 6 +++--- pkgs/servers/x11/xorg/tarballs-7.7.list | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 92122734b9d..1f301ea27e6 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -788,11 +788,11 @@ let }) // {inherit compositeproto libX11 libXfixes xproto ;}; libXcursor = (mkDerivation "libXcursor" { - name = "libXcursor-1.1.14"; + name = "libXcursor-1.1.15"; builder = ./builder.sh; src = fetchurl { - url = mirror://xorg/individual/lib/libXcursor-1.1.14.tar.bz2; - sha256 = "1prkdicl5y5yx32h1azh6gjfbijvjp415javv8dsakd13jrarilv"; + url = mirror://xorg/individual/lib/libXcursor-1.1.15.tar.bz2; + sha256 = "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"; }; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ fixesproto libX11 libXfixes xproto libXrender ]; diff --git a/pkgs/servers/x11/xorg/tarballs-7.7.list b/pkgs/servers/x11/xorg/tarballs-7.7.list index 166696ce5eb..e877eb261ee 100644 --- a/pkgs/servers/x11/xorg/tarballs-7.7.list +++ b/pkgs/servers/x11/xorg/tarballs-7.7.list @@ -63,7 +63,7 @@ mirror://xorg/individual/lib/libX11-1.6.5.tar.bz2 mirror://xorg/individual/lib/libXau-1.0.8.tar.bz2 mirror://xorg/individual/lib/libXaw-1.0.13.tar.bz2 mirror://xorg/individual/lib/libXcomposite-0.4.4.tar.bz2 -mirror://xorg/individual/lib/libXcursor-1.1.14.tar.bz2 +mirror://xorg/individual/lib/libXcursor-1.1.15.tar.bz2 mirror://xorg/individual/lib/libXdamage-1.1.4.tar.bz2 mirror://xorg/individual/lib/libXdmcp-1.1.2.tar.bz2 mirror://xorg/individual/lib/libXext-1.3.3.tar.bz2