PublicDateAtUSN: 2013-05-23 15:00:00 UTC
Candidate: CVE-2013-1988
CRD: 2013-05-23 15:00:00 UTC
PublicDate: 2013-06-15 19:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
 http://www.debian.org/security/2013/dsa-2688
 https://ubuntu.com/security/notices/USN-1864-1
Description:
 Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X
 servers to trigger allocation of insufficient memory and a buffer overflow
 via vectors related to the (1) XResQueryClients and (2)
 XResQueryClientResources functions.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Ilja van Sprundel
Assigned-to: mdeslaur
CVSS: 

Patches_libxres:
 upstream: http://cgit.freedesktop.org/xorg/lib/libXRes/commit/?id=69457711050ac3a53859ef11790a7ac815cd7d94
 upstream: http://cgit.freedesktop.org/xorg/lib/libXRes/commit/?id=b053d215b80e721f9afdc5794e4f3f4f2aee0141 (1/2)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXRes/commit/?id=f468184963e53feda848853c4aefd0197b2cc116 (2/2)
upstream_libxres: pending (1.0.7)
lucid_libxres: ignored (reached end-of-life)
precise_libxres: released (2:1.0.5-1ubuntu0.1)
quantal_libxres: released (2:1.0.6-1ubuntu0.12.10.1)
raring_libxres: released (2:1.0.6-1ubuntu0.13.04.1)
devel_libxres: not-affected (2:1.0.6-1+deb7u1)