
Bug#1038133: marked as done (libx11: CVE-2023-3138)



Your message dated Fri, 16 Jun 2023 15:22:28 +0200
with message-id <ZIxiFDhNE0psQXTn@eldamar.lan>
and subject line Accepted libx11 2:1.8.6-1 (source) into unstable
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
    https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.8.6-1

----- Forwarded message from Debian FTP Masters <ftpmaster@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Jun 2023 14:36:12 +0200
Source: libx11
Architecture: source
Version: 2:1.8.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Changes:
 libx11 (2:1.8.6-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
     - InitExt.c: Add bounds checks for extension request, event, & error codes
       (CVE-2023-3138)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
