PublicDateAtUSN: 2013-05-23 15:00:00 UTC
Candidate: CVE-2013-1998
CRD: 2013-05-23 15:00:00 UTC
PublicDate: 2013-06-15 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
 http://www.debian.org/security/2013/dsa-2683
 https://ubuntu.com/security/notices/USN-1859-1
Description:
 Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers
 to cause a denial of service (crash) and possibly execute arbitrary code
 via crafted length or index values to the (1) XGetDeviceButtonMapping, (2)
 XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilja van Sprundel
Assigned-to: mdeslaur
CVSS:

Patches_libxi:
 upstream: http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=f3e08e4fbe40016484ba795feecf1a742170ffc1 (1/3)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=91434737f592e8f5cc1762383882a582b55fc03a (2/3)
 upstream: http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=5398ac0797f7516f2c9b8f2869a6c6d071437352 (3/3)
upstream_libxi: pending (1.7.2)
lucid_libxi: released (2:1.3-3ubuntu0.2)
precise_libxi: released (2:1.6.0-0ubuntu2.1)
quantal_libxi: released (2:1.6.1-1ubuntu0.1)
raring_libxi: released (2:1.6.99.1-0ubuntu3.1)
devel_libxi: released (2:1.6.99.1-0ubuntu4)