
Bug#1014903: marked as done (xorg-server: CVE-2022-2319 CVE-2022-2320)



Your message dated Mon, 25 Jul 2022 10:05:31 +0000
with message-id <E1oFuxv-0003BE-3R@fasolo.debian.org>
and subject line Bug#1014903: fixed in xorg-server 2:21.1.4-1
has caused the Debian Bug report #1014903,
regarding xorg-server: CVE-2022-2319 CVE-2022-2320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1014903: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014903
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:21.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2022-2319[0]:
| ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access

CVE-2022-2320[1]:
| ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
[1] https://security-tracker.debian.org/tracker/CVE-2022-2320
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
[2] https://www.openwall.com/lists/oss-security/2022/07/12/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:21.1.4-1
Done: Timo Aaltonen <tjaalton@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014903@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Jul 2022 12:46:43 +0300
Source: xorg-server
Built-For-Profiles: noudeb
Architecture: source
Version: 2:21.1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 1014903
Changes:
 xorg-server (2:21.1.4-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2022-2319, CVE-2022-2320 (Closes: #1014903)


--- End Message ---
