[Git][security-tracker-team/security-tracker][master] Add two new xorg-server issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 13 05:38:49 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b928913e by Salvatore Bonaccorso at 2023-12-13T06:38:17+01:00
Add two new xorg-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7989,6 +7989,18 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded
 	NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any  ...)
 	NOT-FOR-US: light-oauth2
+CVE-2023-6478 [Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty]
+	- xorg-server <unfixed>
+	- xwayland <unfixed>
+	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
+	NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
+CVE-2023-6377 [Out-of-bounds memory write in XKB button actions]
+	- xorg-server <unfixed>
+	- xwayland <unfixed>
+	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
+	NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
 CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
 	- xorg-server <unfixed> (bug #1055426)
 	[bookworm] - xorg-server <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b928913eb3e47c15e99d2dc8bc979d10a0340e73

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b928913eb3e47c15e99d2dc8bc979d10a0340e73
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231213/99479bba/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list