Bug#1030777: marked as done (xorg-server: CVE-2023-0494)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 07 Feb 2023 13:35:27 +0000
with message-id <E1pPO87-004oNQ-JK@fasolo.debian.org>
and subject line Bug#1030777: fixed in xorg-server 2:21.1.7-1
has caused the Debian Bug report #1030777,
regarding xorg-server: CVE-2023-0494
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1030777: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030777
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: xorg-server: CVE-2023-0494
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 07 Feb 2023 13:41:07 +0100
• Message-id: <[🔎] 167577366751.2531448.18311953856920426300.reportbug@elende.valinor.li>

Source: xorg-server
Version: 2:21.1.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:1.20.11-1+deb11u4
Control: fixed -1 2:1.20.11-1+deb11u5

Hi,

The following vulnerability was published for xorg-server.

CVE-2023-0494[0]:
| Xi: fix potential use-after-free in DeepCopyPointerClasses

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-0494
[1] https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1030777-close@bugs.debian.org
• Subject: Bug#1030777: fixed in xorg-server 2:21.1.7-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 07 Feb 2023 13:35:27 +0000
• Message-id: <E1pPO87-004oNQ-JK@fasolo.debian.org>
• Reply-to: Julien Cristau <jcristau@debian.org>

Source: xorg-server
Source-Version: 2:21.1.7-1
Done: Julien Cristau <jcristau@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1030777@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 Feb 2023 14:15:45 +0100
Source: xorg-server
Architecture: source
Version: 2:21.1.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 1030777
Changes:
 xorg-server (2:21.1.7-1) unstable; urgency=medium
 .
   * New upstream release
     + Xi: fix potential use-after-free in DeepCopyPointerClasses
       (CVE-2023-0494, closes: #1030777)
Checksums-Sha1:
 d6c7fecdcca21d6554a6fb937ee5685b60396c92 4236 xorg-server_21.1.7-1.dsc
 64a134919cf467cc404ce45871376cd6abb6cc8c 8922821 xorg-server_21.1.7.orig.tar.gz
 2c653f19796de73f9cbaf466658803d47070ced8 195 xorg-server_21.1.7.orig.tar.gz.asc
 21a0948b390d603abe75888396a8d48fc16cf389 168149 xorg-server_21.1.7-1.diff.gz
Checksums-Sha256:
 df6c9c0f253fe2203454e8eae6b02464256fe99785527f1e80981660230edb6d 4236 xorg-server_21.1.7-1.dsc
 1a9005f47c7ea83645a977581324439628a32c4426303e5a4b9c2d6615becfbf 8922821 xorg-server_21.1.7.orig.tar.gz
 2f2113fe0866694084e952c7699a689d1fa0feefd1cc8492d79db432604246c4 195 xorg-server_21.1.7.orig.tar.gz.asc
 ed25018f392feb25e2e1224b4939f86fb22e14c27e3970ec4cdb23fb1fa9e380 168149 xorg-server_21.1.7-1.diff.gz
Files:
 35248e4cf6fe4860d754a2b31679932d 4236 x11 optional xorg-server_21.1.7-1.dsc
 9c9b0375cb17ad8b4a79f9dd9efc58d0 8922821 x11 optional xorg-server_21.1.7.orig.tar.gz
 3d6b4c2abedbcbd6cd7f071d74c56e5d 195 x11 optional xorg-server_21.1.7.orig.tar.gz.asc
 852848b3e48f01436b09611f5cfe8866 168149 x11 optional xorg-server_21.1.7-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmPiTzIUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z60lyRAAlLifsxvnfmavQhguxskkeDbCjOsc
AeONIrs47B4UOWjo4+u8g7bwWH6+F5sppmcHUdb2H7q1jRuErKqPV29rkBWsYmo7
GuSwnKs/73OZ/ghn6NSNGbZkun+hvtiKrNHmWwWw4C9P/W/6BA4OyGTzTl7E4Spm
Q5sRvvtBPUYwsZ7FP/KRYu1Dv7fVljrijNXNhmVz3X7mR1W7m0kZ1jd6gtM/Qw/P
+n79YAj2FbqQWLuI8vabwSV5d0qKHOITkh67K2yYiu9bFGMN6JiYE7Tca5p29yVB
EJTBpiRT3mRHIutB/u6QqadUQ+bVdcg81F2BxVKSwTQcVa21fxySgoVxjzTQ4AeR
9LzetrXK36RmleV9ZK/S1pW5hZp9t1siQlxNUVv8NDESj9FxenE97mv1B6B7TLHj
+BMNhUj8y0Z0PE7Bi1U16DHFvGx/7Q7IoQJCdQFLQj2V0U5ARbuI6zTB5sTtjgV2
3LOWvTHnoWV5NpA/E7URPTKL70oUHZn58WNM9ahBjOK86PFFlVqWC4aXt2YcXe53
nBf5O93tF7aNNuNqMpZf9IqGu+TFSXnx5rIfxvUSZgjucKx00H+Og8oFT+RNObkR
llPYHs1Pn8EUHC/JIO9+ySA6U5DAN3YXjggGdj39mR2cHC6dB0zC9NgenZ1Zb1r3
kr43wLeLiKkd7GU=
=2uvx
-----END PGP SIGNATURE-----

--- End Message ---