
Bug#1014903: marked as done (xorg-server: CVE-2022-2319 CVE-2022-2320)



Your message dated Sat, 06 Aug 2022 21:02:13 +0000
with message-id <E1oKQw1-00HGxm-IT@fasolo.debian.org>
and subject line Bug#1014903: fixed in xorg-server 2:1.20.11-1+deb11u2
has caused the Debian Bug report #1014903,
regarding xorg-server: CVE-2022-2319 CVE-2022-2320
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1014903: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014903
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:21.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2022-2319[0]:
| ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access

CVE-2022-2320[1]:
| ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
[1] https://security-tracker.debian.org/tracker/CVE-2022-2320
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
[2] https://www.openwall.com/lists/oss-security/2022/07/12/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.20.11-1+deb11u2
Done: Emilio Pozuelo Monfort <pochu@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014903@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Aug 2022 10:00:36 +0200
Source: xorg-server
Architecture: source
Version: 2:1.20.11-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 1014903
Changes:
 xorg-server (2:1.20.11-1+deb11u2) bullseye-security; urgency=medium
 .
   * xkb: add request length validation for XkbSetGeometry (CVE-2022-2319)
   * xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck (CVE-2022-2320)
   * Closes: #1014903.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
