
Bug#968986: marked as done (xorg-server: CVE-2020-14347)



Your message dated Sat, 05 Sep 2020 17:02:42 +0000
with message-id <E1kEbaM-000BUr-Qi@fasolo.debian.org>
and subject line Bug#968986: fixed in xorg-server 2:1.20.4-1+deb10u1
has caused the Debian Bug report #968986,
regarding xorg-server: CVE-2020-14347
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
968986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968986
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:1.20.8-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:1.20.4-1

Hi,

The following vulnerability was published for xorg-server, filing the
bug for tracking.

CVE-2020-14347[0]:
| A flaw was found in the way xserver memory was not properly
| initialized. This could leak parts of server memory to the X client.
| In cases where Xorg server runs with elevated privileges, this could
| result in possible ASLR bypass. Xorg-server before version 1.20.9 is
| vulnerable.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-14347
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347
[1] https://lists.x.org/archives/xorg-announce/2020-July/003051.html
[2] https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.20.4-1+deb10u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968986@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Aug 2020 10:51:48 +0200
Source: xorg-server
Architecture: source
Version: 2:1.20.4-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 968986
Changes:
 xorg-server (2:1.20.4-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix for ZDI-11426 (CVE-2020-14347) (Closes: #968986)
   * Correct bounds checking in XkbSetNames() (CVE-2020-14345)
   * Fix XIChangeHierarchy() integer underflow (CVE-2020-14346)
   * Fix XkbSelectEvents() integer underflow (CVE-2020-14361)
   * Fix XRecordRegisterClients() Integer underflow (CVE-2020-14362)
Package-Type: udeb


--- End Message ---
