[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#988737: marked as done (libx11: CVE-2021-31535: Missing request length checks)

Your message dated Wed, 19 May 2021 15:33:33 +0000
with message-id <E1ljOCT-0006dw-9I@fasolo.debian.org>
and subject line Bug#988737: fixed in libx11 2:1.7.1-1
has caused the Debian Bug report #988737,
regarding libx11: CVE-2021-31535: Missing request length checks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988737
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: libx11
Version: 2:1.7.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libx11.

CVE-2021-31535[0]:
| Missing request length checks

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31535
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535
[1] https://www.openwall.com/lists/oss-security/2021/05/18/2
[2] https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
[3] https://bugzilla.suse.com/show_bug.cgi?id=1182506

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libx11
Source-Version: 2:1.7.1-1
Done: Emilio Pozuelo Monfort <pochu@debian.org>

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988737@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 May 2021 17:22:09 +0200
Source: libx11
Architecture: source
Version: 2:1.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 988737
Changes:
 libx11 (2:1.7.1-1) unstable; urgency=medium
 .
   [ Julien Cristau ]
   * libx11-6 Breaks old libx11-xcb1, as further mitigation for bug
     #979590.
 .
   [ Emilio Pozuelo Monfort ]
   * New upstream release.
   * CVE-2021-31535: X protocol command injection due to missing request
     length checks (closes: #988737)
Checksums-Sha1:
 d572f74a94e8c9dfc62304a9136f14cc76e706a4 2294 libx11_1.7.1-1.dsc
 6d1134773772399a4b6b38cefb1a0a1f56cae23c 3169116 libx11_1.7.1.orig.tar.gz
 c0deb31f02dc35e8bed4d8b6f5a46069483719f0 75515 libx11_1.7.1-1.diff.gz
 a687bb72c50bb72d288973bca15d155eaf07ed6b 5976 libx11_1.7.1-1_source.buildinfo
Checksums-Sha256:
 84b5f56f80062322a53f47c686e86fcecdd02e51021aff089e7069054f55bc3d 2294 libx11_1.7.1-1.dsc
 7e6d4120696e90995e66ac24f1042d4f11c14fbefd7aab48de0ed1fe3c4b922b 3169116 libx11_1.7.1.orig.tar.gz
 3fd46b5916adad16252949cdd045bd8d52098fa8d46ed3c1075022d12c42be96 75515 libx11_1.7.1-1.diff.gz
 d3ef646412a21488016e7ade1b56b0620c6efa7d5b17e2031b94843757d251d8 5976 libx11_1.7.1-1_source.buildinfo
Files:
 5e4131a7152c028918249d731509f218 2294 x11 optional libx11_1.7.1-1.dsc
 6ea2defd5b248aeaa9be47a2169657fc 3169116 x11 optional libx11_1.7.1.orig.tar.gz
 f2bc893f2bae01b29117964782e85128 75515 x11 optional libx11_1.7.1-1.diff.gz
 233e765cd12710cf18a9b6cb24572134 5976 x11 optional libx11_1.7.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmClLVcACgkQnUbEiOQ2
gwIWdRAAyQTfqCLlKSb9f6OZfzko80THNKfSERqmmokwCAztHKc/2PWrAzuNEvXC
/P8f/Idy5T9zCD/SpcbqGtWEXdpZpbyLZA3IWiD+lmkuhavAfFigTv3pCeT7EyBT
fdCV9LNuvmgN++wBzPW3mafPCfv4PCPkCPjNalIta2KAiYerzWlFucg5aqrr3sUe
NyGPAk9DUst/KfeiyGNbfiiC7RQlRHitQs9270Mfp98gg62AbfnJYhCKevGJOIi0
dTtxe1g9t8PLYC4LXadCpgucqoke8BOaWsRxWUnM3RwO9BlfN123QzW7v8HUVNOu
1ZlI05m+bWdghORij/EdljextDy2sF8fGy465hqyv4ucl3hp8ISzDkl3vT/T5LN3
+9xD6Ag6qLcuyI+TM0azDXB7MWLyelcHjhRVf8aXlMYNgEjsPpA3VxJJRBaCIm75
auDEzsGEpXAlFm3RNyUVRDckQHRT2v3eVgd7WpqD/5mqh7zErWkyNVm7E2KQ4F23
w08q4ehLj6yORe1Efddhk5biQG5tHVhssoOcV/IGRgFx8Z5sVXIT2rY2ZuJW5IVu
PLkYe2q4SKlGYXuk/9w0u566L1tLZYwfTJEaSvPXo5x8tllBknV3I/SQAp0KSusw
QaOXs8CoGd6GV25RFQOhZNCwwH6zSvjXXZ1FIfwyWtSlJWIbnBk=
=pHfz
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: