Bug#1068470: marked as done (xorg-server: double free in fix for CVE-2024-31083)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 10 Apr 2024 09:05:22 +0000
with message-id <E1ruTtS-004MQF-Ok@fasolo.debian.org>
and subject line Bug#1068470: fixed in xorg-server 2:21.1.12-1
has caused the Debian Bug report #1068470,
regarding xorg-server: double free in fix for CVE-2024-31083
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1068470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068470
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: xorg-server: double free in fix for CVE-2024-31083
• From: Julien Cristau <jcristau@debian.org>
• Date: Fri, 5 Apr 2024 20:14:38 +0200
• Message-id: <[🔎] ZhA_jvlX0VeahFlV@jcristau-z4>

Source: xorg-server
Version: 2:21.1.11-3
Severity: grave
Tags: security upstream patch
Justification: user security hole
X-Debbugs-Cc: jcristau@debian.org, Debian Security Team <team@security.debian.org>

The latest security fixes introduced a regression, apparently replacing
use-after-free with double-free in some circumstances:
https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476

Cheers,
Julien

--- End Message ---

--- Begin Message ---

• To: 1068470-close@bugs.debian.org
• Subject: Bug#1068470: fixed in xorg-server 2:21.1.12-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 10 Apr 2024 09:05:22 +0000
• Message-id: <E1ruTtS-004MQF-Ok@fasolo.debian.org>
• Reply-to: Julien Cristau <jcristau@debian.org>

Source: xorg-server
Source-Version: 2:21.1.12-1
Done: Julien Cristau <jcristau@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068470@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Apr 2024 10:44:55 +0200
Source: xorg-server
Architecture: source
Version: 2:21.1.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 1068470
Changes:
 xorg-server (2:21.1.12-1) unstable; urgency=medium
 .
   * New upstream release.
   * render: Avoid possible double-free in ProcRenderAddGlyphs()
     (closes: #1068470)
Checksums-Sha1:
 a1d657b8ffbc2bd97b05f131a0988d3e2b71af73 4269 xorg-server_21.1.12-1.dsc
 8cccd82e3d0954abb4e26ab8ba0f1fc316d5cab3 9023823 xorg-server_21.1.12.orig.tar.gz
 98bdf3227d471ad5bda7efd224147d1dd49b3ab0 488 xorg-server_21.1.12.orig.tar.gz.asc
 a6eeb39464690f011307bbeedb2be2c8e295c0ab 169446 xorg-server_21.1.12-1.diff.gz
Checksums-Sha256:
 104d482e7cdccd9d37b3b18a4f2fea4c60ba3f4146e06a5a39bbf535c9161702 4269 xorg-server_21.1.12-1.dsc
 f76a5878b0e6d16415cf0cd24ffc21090845fef3bc4ada45e57ea86b6c8fb75b 9023823 xorg-server_21.1.12.orig.tar.gz
 4dcd14c489665fcc8257f24b3ce88e711945c831fe4a9ca81087b915ddc057a0 488 xorg-server_21.1.12.orig.tar.gz.asc
 f89c8907569b76cbf5cf352e52228c4fd79e87039e9aea1e312ac264ccd1af06 169446 xorg-server_21.1.12-1.diff.gz
Files:
 58ed8527d8e3b50ad119950b18cedc21 4269 x11 optional xorg-server_21.1.12-1.dsc
 ac54ae30ef6b8f57ade1753a601388ef 9023823 x11 optional xorg-server_21.1.12.orig.tar.gz
 22eacdf447315529eb5156d20d94dca4 488 x11 optional xorg-server_21.1.12.orig.tar.gz.asc
 c64d9fdb537568431df5570105b6bbbf 169446 x11 optional xorg-server_21.1.12-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmYWUgQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z62cxRAAopFEuLtrQQBpN4w3/7IkWkr/3lEQ
bnPhkLb/yABGLkx5+jWL2Hy1DYybutIJb4opFpJ2/dy4llfKQJXk2wI2HVg0A98A
mdzDh1HvaJH5HQLtNiRgZOJ2yFs1PJI8FqGp+VjaOxvi07d7YzropSaTt/3V+xGW
NCxV8Ic7g5p8wJIKIehzC5c0djgE31vtidBInfO4Dhm0c5nqARWd0ViirNWyHI6/
471dFtcRefYy/OIulM3rTCEUtf16IP2AGDTUvOW0iITfMPXcRn/dCM5cBer6XKP2
wAAeyISe33xU/Xbkv9MmHLE+UyYyV/SyWAzBLrwuKKNJeASoa9mzUxbHyF7iu7Gv
rK2OrymDLdwYiRC6Pz3lgUcm7H9lUdDwaiINKPAtS4dkGvsuYwLNr6qRpQxodrsz
My6T+1bhPKeJJMmNvCg3PiGsiluZcOxuDR+CC/llrLx5hDn2jQ9A9fgBSILi3r1l
DPJOKQq5j1rYJaAf5gjU/rmdvgUyWJouw21JuqHHuqGgbl3azakHN/om4kM+Q8A0
4qEr/TrKtgLU8db4yfXu0SOKyeFtv3UxUqeBOMYMaIAC0QLUMcRxhvkQYL8h8T4i
GBu8P0MeB7/3/8S0r4B10a5k5wZZGBU1eRYhTLnDoubGJYFrxTEFDrZubJZ5DB2J
RYkt1WA6RvpmRH4=
=Wgch
-----END PGP SIGNATURE-----

Attachment: pgppQyIoK5DQ2.pgp
Description: PGP signature

--- End Message ---