
Bug#968986: marked as done (xorg-server: CVE-2020-14347)



Your message dated Mon, 31 Aug 2020 16:21:05 +0000
with message-id <E1kCmYL-000FjU-1w@fasolo.debian.org>
and subject line Bug#968986: fixed in xorg-server 2:1.20.9-1
has caused the Debian Bug report #968986,
regarding xorg-server: CVE-2020-14347
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
968986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968986
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:1.20.8-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:1.20.4-1

Hi,

The following vulnerability was published for xorg-server, filing the
bug for tracking.

CVE-2020-14347[0]:
| A flaw was found in the way xserver memory was not properly
| initialized. This could leak parts of server memory to the X client.
| In cases where Xorg server runs with elevated privileges, this could
| result in possible ASLR bypass. Xorg-server before version 1.20.9 is
| vulnerable.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-14347
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347
[1] https://lists.x.org/archives/xorg-announce/2020-July/003051.html
[2] https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.20.9-1
Done: Timo Aaltonen <tjaalton@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968986@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 31 Aug 2020 18:49:48 +0300
Source: xorg-server
Architecture: source
Version: 2:1.20.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 968986
Changes:
 xorg-server (2:1.20.9-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2020-14347 (Closes: #968986)
   * fix-pci-probing-segfault.diff: Fix a regression in 1.20.9 when
     probing the GPU.
   * revert-hw-xfree86-avoid-cursor-use-after-free.diff: Revert a commit
     which is causing server crashes.
   * revert-disabling-xss-for-rootless-xwayland.diff: Fix a regression
     where apps crash under Xwayland.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
