Bug#1086244: marked as done (xorg-server: CVE-2024-9632)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 29 Oct 2024 21:38:03 +0000
with message-id <E1t5tud-007wGD-1f@fasolo.debian.org>
and subject line Bug#1086244: fixed in xorg-server 2:21.1.13-3.1
has caused the Debian Bug report #1086244,
regarding xorg-server: CVE-2024-9632
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1086244: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086244
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: xorg-server: CVE-2024-9632
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 29 Oct 2024 16:36:52 +0100
• Message-id: <[🔎] 173021621228.1746744.11421786522031324362.reportbug@eldamar.lan>

Source: xorg-server
Version: 2:21.1.13-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Julien Cristau <jcristau@debian.org>, carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:21.1.7-3+deb12u7
Control: found -1 2:21.1.7-1
Control: fixed -1 2:21.1.7-3+deb12u8
Control: clone -1 -2
Control: reassign -2 src:xwayland 2:24.1.3-1
Control: severity -2 important
Control: retitle -2 xwayland: CVE-2024-9632

Hi,

The following vulnerability was published for xorg-server.

CVE-2024-9632[0]:
| xkb: Fix buffer overflow in _XkbSetCompatMap()


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-9632
    https://www.cve.org/CVERecord?id=CVE-2024-9632
[1] https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 1086244-close@bugs.debian.org
• Subject: Bug#1086244: fixed in xorg-server 2:21.1.13-3.1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 29 Oct 2024 21:38:03 +0000
• Message-id: <E1t5tud-007wGD-1f@fasolo.debian.org>
• Reply-to: Salvatore Bonaccorso <carnil@debian.org>

Source: xorg-server
Source-Version: 2:21.1.13-3.1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1086244@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Oct 2024 17:23:02 +0100
Source: xorg-server
Architecture: source
Version: 2:21.1.13-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1086244
Changes:
 xorg-server (2:21.1.13-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * xkb: Fix buffer overflow in _XkbSetCompatMap() (CVE-2024-9632)
     (Closes: #1086244)
Checksums-Sha1: 
 3ffcdab02a283fedca306ed72555eba5a251e567 4387 xorg-server_21.1.13-3.1.dsc
 1cfce4ce97201217fe2e794a58a07bfc8766e49e 179046 xorg-server_21.1.13-3.1.diff.gz
Checksums-Sha256: 
 993c529dfb1467190b885a3542dc0b3c4f3c006e0c8672a59093632f51724448 4387 xorg-server_21.1.13-3.1.dsc
 d661ccef75a73dd83c776f8ea175c7969b90e8c1f191a39a42f48c7deec5c5ed 179046 xorg-server_21.1.13-3.1.diff.gz
Files: 
 d65e215ac180c0b6aa61d6f5bfd07a18 4387 x11 optional xorg-server_21.1.13-3.1.dsc
 731438ce98a7d29ede5f5f813d58e8b8 179046 x11 optional xorg-server_21.1.13-3.1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchDTpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESNoP/iwXNmkiMMKsksimHsZ1sazVxCXPqPcy
USucg3k34nwQ4pldMe1M3CsYK6kTK5tGCljFIPJyzkudVeh7vstCScIvDAh2gyJw
z8IuSiDZCrTrh6EVd+V7rYLHyn59co/nNjEvTNTF3YVDD9Ku7hWy4MHDFBXdnIcY
5erSWnjo1gpE4/Hzn982TwGkeNG+MhMmb0ohOpMliHC7tZagjLrWp/xqCUexIry0
u1emqjRaG/JYMl+hbX3zJ79DAsi+lVBnoVWuUkcvfdiD7gxpAPFcK3uiSqZppRvf
uLvLsTs+k/n9CAs3A2t8/QA2Dlz48KA2ibrNI8zt4JjmrI7Yyn3O6Cxq6qlzFV5V
97zhu9o8mnbkdy8TNMSjTTTbTh1SrYbH0sSo0+X8i9Uc9gNmFVTbbKkdZNJbRXw+
ynWecthrK92i6oco7dONsm+Kv0pcx3V5I2BdpMkLPLsdffQfIZJwe7h4E49KUP1t
82rTxpeJ5o4PMFVtSMjNEQGPjnWd+j5WLCSOQQL6SStX+DWQOolvtzGl28cDDchz
gFad/vfTTvdciJlGiAfzldqXhD5eI/U+KFaZY77YgjCwCY6wP9OvpZRiSVy2IcFz
KYssMzO55uMXxeQli/0UqcrPGfD57eOIHL8r0rOpq27UEjdW4b/xL/2CrBrtF908
GXzJr7QJ+/u7
=Rkou
-----END PGP SIGNATURE-----

Attachment: pgpkUkykt1AcY.pgp
Description: PGP signature

--- End Message ---