[Git][security-tracker-team/security-tracker][master] Track new libx11 and libxpm issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
170cf61c by Salvatore Bonaccorso at 2023-10-03T18:56:45+02:00
Track new libx11 and libxpm issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-43789 [libXpm: out of bounds read on XPM with corrupted colormap]
+	- libxpm <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51
+CVE-2023-43788 [libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()]
+	- libxpm <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0
+CVE-2023-43787 [ibX11: integer overflow in XCreateImage() leading to a heap overflow]
+	- libx11 <unfixed>
+	- libxpm <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0
+	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/91f887b41bf75648df725a4ed3be036da02e911e
+CVE-2023-43786 [libX11: stack exhaustion from infinite recursion in PutSubImage()]
+	- libx11 <unfixed>
+	- libxpm <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
+	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
+	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
+	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/84fb14574c039f19ad7face87eb9acc31a50701c
+CVE-2023-43785 [libX11: out-of-bounds memory access in _XkbReadKeySyms()]
+	- libx11 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
+	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
 CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/170cf61c22811f68a6ccea95598950302780ebab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/170cf61c22811f68a6ccea95598950302780ebab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231003/739b45d0/attachment-0001.htm>