PublicDateAtUSN: 2013-05-23 15:00:00 UTC
Candidate: CVE-2013-1986
CRD: 2013-05-23 15:00:00 UTC
PublicDate: 2013-06-15 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986
 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
 http://www.debian.org/security/2013/dsa-2684
 https://ubuntu.com/security/notices/USN-1862-1
Description:
 Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X
 servers to trigger allocation of insufficient memory and a buffer overflow
 via vectors related to the (1) XRRQueryOutputProperty and (2)
 XRRQueryProviderProperty functions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilja van Sprundel
Assigned-to: mdeslaur
CVSS:

Patches_libxrandr:
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=1c7ad6773ce6be00dcd6e51e9be08f203abe5071
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=0e79d96c36aef5889ae2e2a3fc2e96e93f30dc21 (1/4)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=1da5b838c2a8565d4d95a4e948f951ce6b466345 (2/4)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=289a1927949e6f278c18d115772e454837702e35 (3/4)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=4254bf0ee4c7a8f9d03841cf0d8e16cbb201dfbd (4/4)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=c90f74497dbcb96854346435349c6e2207b530c5 (related?)
upstream_libxrandr: pending (1.4.1)
lucid_libxrandr: ignored (reached end-of-life)
precise_libxrandr: released (2:1.3.2-2ubuntu0.2)
quantal_libxrandr: released (2:1.4.0-1ubuntu0.1)
raring_libxrandr: released (2:1.4.0-1ubuntu1.1)
devel_libxrandr: released (2:1.4.0-1ubuntu2)

Patches_libxrandr-lts-quantal:
upstream_libxrandr-lts-quantal: released (1.4.1)
lucid_libxrandr-lts-quantal: DNE
precise_libxrandr-lts-quantal: released (2:1.4.0-1~precise2)
quantal_libxrandr-lts-quantal: DNE
raring_libxrandr-lts-quantal: DNE
devel_libxrandr-lts-quantal: DNE