Bug#976216: marked as done (xorg-server: CVE-2020-25712 CVE-2020-14360)



Your message dated Wed, 02 Dec 2020 11:04:09 +0000
with message-id <E1kkPvd-0009lJ-L9@fasolo.debian.org>
and subject line Bug#976216: fixed in xorg-server 2:1.20.10-1
has caused the Debian Bug report #976216,
regarding xorg-server: CVE-2020-25712 CVE-2020-14360
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
976216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976216
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:1.20.4-1+deb10u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:1.20.4-1
Control: found -1 2:1.20.8-2
Control: found -1 2:1.20.9-2

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2020-25712[0]:
| Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows

CVE-2020-14360[1]:
| Check SetMap request length carefully

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-25712
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712
[1] https://security-tracker.debian.org/tracker/CVE-2020-14360
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360
[2] https://www.openwall.com/lists/oss-security/2020/12/01/3

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.20.10-1
Done: Timo Aaltonen <tjaalton@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 976216@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Dec 2020 12:41:35 +0200
Source: xorg-server
Architecture: source
Version: 2:1.20.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 975579 976216
Changes:
 xorg-server (2:1.20.10-1) unstable; urgency=medium
 .
   [ Timo Aaltonen ]
   * New upstream release.
     - CVE-2020-14360, CVE-2020-25712 (Closes: #976216)
   * Drop patches:
     - 0001-Revert-*: Reverted upstream in this version
     - revert-hw-xfree86-avoid-cursor-use-after-free.diff: Issue fixed in this version
     - revert-disabling-xss-for-rootless-xwayland.diff: Was resolved upstream as
       being a client bug
   * control: Add libnvidia-egl-wayland-dev to build-depends, enables
     EGLStream support in xwayland.
 .
   [ Adrian Bunk ]
   * rules: Add a workaround to fix build on mips*. (Closes: #975579)

--- End Message ---