[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1086245: marked as done (xwayland: CVE-2024-9632)

Your message dated Thu, 31 Oct 2024 05:54:45 +0100
with message-id <[🔎] ZyMNlRhNdNmTWUtd@eldamar.lan>
and subject line [ftpmaster@ftp-master.debian.org: Accepted xwayland 2:24.1.4-1 (source) into unstable]
has caused the Debian Bug report #1086245,
regarding xwayland: CVE-2024-9632
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1086245: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086245
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: xorg-server
Version: 2:21.1.13-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Julien Cristau <jcristau@debian.org>, carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:21.1.7-3+deb12u7
Control: found -1 2:21.1.7-1
Control: fixed -1 2:21.1.7-3+deb12u8
Control: clone -1 -2
Control: reassign -2 src:xwayland 2:24.1.3-1
Control: severity -2 important
Control: retitle -2 xwayland: CVE-2024-9632

Hi,

The following vulnerability was published for xorg-server.

CVE-2024-9632[0]:
| xkb: Fix buffer overflow in _XkbSetCompatMap()


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-9632
    https://www.cve.org/CVERecord?id=CVE-2024-9632
[1] https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: xwayland
Source-Version: 2:24.1.4-1

Closing #1086245 (as 1086244 was for src:xorg-server and then cloned).

Regards,
Salvatore

----- Forwarded message from Debian FTP Masters <ftpmaster@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Oct 2024 12:01:08 +0200
Source: xwayland
Built-For-Profiles: noudeb
Architecture: source
Version: 2:24.1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 1086244
Changes:
 xwayland (2:24.1.4-1) unstable; urgency=medium
 .
   * New upstream release
     + CVE-2024-9632: Heap-based buffer overflow privilege escalation in
       _XkbSetCompatMap (closes: #1086244)
Checksums-Sha1:
 7db77eff8432e3c4a1a83f441feb45ca34b1d2ce 2528 xwayland_24.1.4-1.dsc
 05a766897497b5df7e9d64e34fcd99304cd96363 1302372 xwayland_24.1.4.orig.tar.xz
 7683b78aa1b9c038fc574b8dff72da28c17ba453 195 xwayland_24.1.4.orig.tar.xz.asc
 d4d57feefa9324e4af20eb857f079f0f31ba1323 36036 xwayland_24.1.4-1.debian.tar.xz
 64f1180c83bf9d042d4058c450ef05c7768553e4 8888 xwayland_24.1.4-1_source.buildinfo
Checksums-Sha256:
 a4ab92a058cca36ca8a8186ba09b8b0b90dbe6fa333a9b7086d9a6798a3931d7 2528 xwayland_24.1.4-1.dsc
 d96a78dbab819f55750173444444995b5031ebdcc15b77afebbd8dbc02af34f4 1302372 xwayland_24.1.4.orig.tar.xz
 231f2ff24b98b4fb240b950f72ab2627843d376fd4e8f72952f6970eaf91dd46 195 xwayland_24.1.4.orig.tar.xz.asc
 36058cd5d51acc6f0f6aebf6426ac4720439944ae25efc066bca981c461bcde5 36036 xwayland_24.1.4-1.debian.tar.xz
 f189be07b293f0b1287ba1246659eb77b58415cd2bfcd688b91e95bcbbf3e33e 8888 xwayland_24.1.4-1_source.buildinfo
Files:
 25d981f74f19616ac10cb7614529b6c4 2528 x11 optional xwayland_24.1.4-1.dsc
 c0d6f4a2c16844c7af70e30e330ace3c 1302372 x11 optional xwayland_24.1.4.orig.tar.xz
 ce116984983d7926860a95ddb7ba5415 195 x11 optional xwayland_24.1.4.orig.tar.xz.asc
 d7cb1f007ee608d37455c9493d43c7f3 36036 x11 optional xwayland_24.1.4-1.debian.tar.xz
 d9dea83395292426d7f31daca1fbc644 8888 x11 optional xwayland_24.1.4-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmciBIkACgkQy3AxZaiJ
hNxUqw//bdJ72+D1TRhpK4gK1Be04CIQuLBTSF9Lx9wA4tV+fGZ34/Tfa+Vxo1Zx
phAERMhA2eepBJBMPLnzLn2Dz5KO2KywZkMhq0yLSl+75+rBVtZWOjG/MxaWGovP
4VZfriho3+kRiDa1cnGj9tI2LGm7siCqgJPnZkG4G3DjDdzR6C/i5YAmwf15GlC3
BZNlyTAz4zKJxWtn9Co5oQvoYrNFsxy69zKJC9XEjUUcUqHjY4WEBCs2VfhfM4Lh
WYcksKYIwr64SsMJYHIotNM4FuOBwX2XK2DcLpAXfE7n6V87w+75jp0NXOxDEurY
S6oC4RdfHKGixp53UBdHgnavguiYyS0lIlJ4+ppNX1TY17FlTqm30eq62zvTXzh6
3nP6PfL8WrI4UKD3TwsPkL7d0cj2tURboEWbH9VFWniB/uHS2cOVCT5ks5w4l5U/
KhAJPnZtePenkeNE9LPytHGcU9Cl0VrTe2qb2tCAEqPrSILllqqIuu/nkK2m1H0K
vznT0f5fGsbLFmfK97UZkgE8SmIHES9ZiVzIa3SDnodcxkPWiSfNsqBiDUhHa1Fp
57pM9iem147LYd/VS/CTXkNsWRNoZljB0ff4qf6FWOzDLwneENQ0NwyZlkQ0K4+R
tsR9sjpxF1PngBjcoQu4F7H2t38R6FzyufBLDn0KUtWoBcPkJcw=
=1MVM
-----END PGP SIGNATURE-----

----- End forwarded message -----

--- End Message ---
Reply to: