Bug#1014903: xorg-server: CVE-2022-2319 CVE-2022-2320

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1014903: xorg-server: CVE-2022-2319 CVE-2022-2320
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 14 Jul 2022 10:15:06 +0200
Message-id: <[🔎] 165778650616.750225.14245919734179537334.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1014903@bugs.debian.org

Source: xorg-server
Version: 2:21.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2022-2319[0]:
| ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access

CVE-2022-2320[1]:
| ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
[1] https://security-tracker.debian.org/tracker/CVE-2022-2320
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
[2] https://www.openwall.com/lists/oss-security/2022/07/12/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#1014903: marked as done (xorg-server: CVE-2022-2319 CVE-2022-2320)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>