Your message dated Wed, 10 Apr 2024 09:05:22 +0000
with message-id <E1ruTtS-004MQF-Ok@fasolo.debian.org>
and subject line Bug#1068470: fixed in xorg-server 2:21.1.12-1
has caused the Debian Bug report #1068470,
regarding xorg-server: double free in fix for CVE-2024-31083
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1068470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068470
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: xorg-server: double free in fix for CVE-2024-31083
- From: Julien Cristau <jcristau@debian.org>
- Date: Fri, 5 Apr 2024 20:14:38 +0200
- Message-id: <ZhA_jvlX0VeahFlV@jcristau-z4>

Source: xorg-server
Version: 2:21.1.11-3
Severity: grave
Tags: security upstream patch
Justification: user security hole
X-Debbugs-Cc: jcristau@debian.org, Debian Security Team <team@security.debian.org>

The latest security fixes introduced a regression, apparently replacing
use-after-free with double-free in some circumstances:

https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476

Cheers,
Julien
--- End Message ---
--- Begin Message ---
- To: 1068470-close@bugs.debian.org
- Subject: Bug#1068470: fixed in xorg-server 2:21.1.12-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 10 Apr 2024 09:05:22 +0000
- Message-id: <E1ruTtS-004MQF-Ok@fasolo.debian.org>
- Reply-to: Julien Cristau <jcristau@debian.org>

Source: xorg-server
Source-Version: 2:21.1.12-1
Done: Julien Cristau <jcristau@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068470@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Wed, 10 Apr 2024 10:44:55 +0200
Source: xorg-server
Architecture: source
Version: 2:21.1.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 1068470
Changes:
 xorg-server (2:21.1.12-1) unstable; urgency=medium
 .
   * New upstream release.
   * render: Avoid possible double-free in ProcRenderAddGlyphs() (closes: #1068470)
--- End Message ---