6636174 *Xorg* [X.Org Bug 13524] XFree86-MISC Extension Invalid Array Index Vulnerability
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/open-src/xserver/xorg/6636174.patch Fri Dec 14 16:23:01 2007 -0800
@@ -0,0 +1,13 @@
+--- xorg-server-1.3.0.0/hw/xfree86/common/xf86MiscExt.c 2006-11-16 10:01:24.000000000 -0800
++++ xorg-server-1.3.0.0/hw/xfree86/common/xf86MiscExt.c 2007-12-13 18:32:08.476098000 -0800
+@@ -640,6 +640,10 @@
+
+ DEBUG_P("MiscExtPassMessage");
+
++ /* should check this in the protocol, but xf86NumScreens isn't exported */
++ if (scrnIndex >= xf86NumScreens)
++ return BadValue;
++
+ if (*pScr->HandleMessage == NULL)
+ return BadImplementation;
+ return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);
--- a/open-src/xserver/xorg/patch-list Thu Dec 13 13:57:35 2007 -0800
+++ b/open-src/xserver/xorg/patch-list Fri Dec 14 16:23:01 2007 -0800
@@ -49,3 +49,4 @@
6278039.patch
xv-swap.patch
6635727.patch,-p1
+6636174.patch,-p1