
Bug#1038133: marked as done (libx11: CVE-2023-3138)



Your message dated Sat, 24 Jun 2023 19:47:58 +0000
with message-id <E1qD9Ek-006hor-6k@fasolo.debian.org>
and subject line Bug#1038133: fixed in libx11 2:1.7.2-1+deb11u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
    https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.7.2-1+deb11u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038133@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:58:56 +0200
Source: libx11
Architecture: source
Version: 2:1.7.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1038133
Changes:
 libx11 (2:1.7.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
     (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
