It was found that when receiving a response from the server protocol data is not validated sufficiently. This results in various data mishandlings. Upstream patch: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5 External References: https://lists.x.org/archives/xorg-announce/2016-October/002720.html CVE assignment: http://seclists.org/oss-sec/2016/q4/17
Created libXi tracking bugs for this issue: Affects: fedora-all [bug 1381870]
This was fixed as part of bug 1401672