
Bug#1026071: marked as done (xorg-server: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344)



Your message dated Wed, 14 Dec 2022 14:38:51 +0100
with message-id <Y5nR664vE44b8Xxi@eldamar.lan>
and subject line [ftpmaster@ftp-master.debian.org: Accepted xorg-server 2:21.1.5-1 (source) into unstable]
has caused the Debian Bug report #1026071,
regarding xorg-server: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1026071: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026071
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:21.1.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2022-4283[0]:
| xkb: reset the radio_groups pointer to NULL after freeing it

CVE-2022-46340[1]:
| Xtest: disallow GenericEvents in XTestSwapFakeInput

CVE-2022-46341[2]:
| Xi: disallow passive grabs with a detail > 255

CVE-2022-46342[3]:
| Xext: free the XvRTVideoNotify when turning off from the same client

CVE-2022-46343[4]:
| Xext: free the screen saver resource when replacing it

CVE-2022-46344[5]:
| Xi: avoid integer truncation in length check of ProcXIChangeProperty

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-4283
    https://www.cve.org/CVERecord?id=CVE-2022-4283
[1] https://security-tracker.debian.org/tracker/CVE-2022-46340
    https://www.cve.org/CVERecord?id=CVE-2022-46340
[2] https://security-tracker.debian.org/tracker/CVE-2022-46341
    https://www.cve.org/CVERecord?id=CVE-2022-46341
[3] https://security-tracker.debian.org/tracker/CVE-2022-46342
    https://www.cve.org/CVERecord?id=CVE-2022-46342
[4] https://security-tracker.debian.org/tracker/CVE-2022-46343
    https://www.cve.org/CVERecord?id=CVE-2022-46343
[5] https://security-tracker.debian.org/tracker/CVE-2022-46344
    https://www.cve.org/CVERecord?id=CVE-2022-46344
[6] https://lists.x.org/archives/xorg-announce/2022-December/003302.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:21.1.5-1

----- Forwarded message from Debian FTP Masters <ftpmaster@ftp-master.debian.org> -----

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Resent-From: debian-devel-changes@lists.debian.org
Reply-To: debian-devel@lists.debian.org
Date: Wed, 14 Dec 2022 10:10:32 +0000
To: debian-devel-changes@lists.debian.org
Subject: Accepted xorg-server 2:21.1.5-1 (source) into unstable
Message-Id: <E1p5Oie-006m4z-Q7@fasolo.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Dec 2022 11:10:24 +0200
Source: xorg-server
Built-For-Profiles: noudeb
Architecture: source
Version: 2:21.1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Changes:
 xorg-server (2:21.1.5-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
       CVE-2022-46344, CVE-2022-46283
   * Add signing-key from Peter Hutterer.



----- End forwarded message -----

--- End Message ---
