PublicDateAtUSN: 2014-01-18
Candidate: CVE-2013-6424
PublicDate: 2014-01-18 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424
 http://www.openwall.com/lists/oss-security/2013/12/03/8
 https://ubuntu.com/security/notices/USN-2500-1
Description:
 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org
 allows context-dependent attackers to cause a denial of service (crash) via
 a negative bottom value.
Ubuntu-Description:
Notes:
 mdeslaur> xorg server is actually the xorg-server package
 mdeslaur> the xorg package only contains docs
 jdstrand> patch is straightforward but not yet accepted upstream. Open upstream
  questions as of 2013/12/18
 jdstrand> package for Ubuntu 13.10 is available in saucy-proposed
 jdstrand> downgrading to low since pixman is already fixed, based on bug feedback
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742922
 https://bugs.freedesktop.org/show_bug.cgi?id=67484
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_xorg:
upstream_xorg: needs-triage
lucid_xorg: not-affected (code not present)
precise_xorg: not-affected (code not present)
quantal_xorg: not-affected (code not present)
raring_xorg: not-affected (code not present)
saucy_xorg: not-affected (code not present)
trusty_xorg: not-affected (code not present)
trusty/esm_xorg: DNE (trusty was not-affected [code not present])
utopic_xorg: not-affected (code not present)
devel_xorg: not-affected (code not present)

Patches_xorg-server:
 other: http://patchwork.freedesktop.org/patch/14769/
 vendor: http://www.debian.org/security/2013/dsa-2822
upstream_xorg-server: needed
lucid_xorg-server: ignored (reached end-of-life)
precise_xorg-server: released (2:1.11.4-0ubuntu10.17)
quantal_xorg-server: ignored (reached end-of-life)
raring_xorg-server: ignored (reached end-of-life)
saucy_xorg-server: not-affected (2:1.14.5-1ubuntu2~saucy1)
trusty_xorg-server: not-affected (2:1.14.3-3ubuntu3)
trusty/esm_xorg-server: not-affected (2:1.14.3-3ubuntu3)
utopic_xorg-server: not-affected (2:1.14.3-3ubuntu3)
devel_xorg-server: not-affected (2:1.14.3-3ubuntu3)