[Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 12 21:26:55 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44506406 by Salvatore Bonaccorso at 2024-04-12T22:26:16+02:00
Reserve DSA number for xorg-server update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3639,6 +3639,8 @@ CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGly
 	NOTE: Followup to fix regression: https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04
 CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
 	- xorg-server 2:21.1.11-3 (unimportant)
+	[bookworm] - xorg-server 2:21.1.7-3+deb12u7
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u13
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 	NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component
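Review bot: The two added release lines under CVE-2024-31082 record the same versions that DSA-5657-1 lists, yet the CVE set of that DSA entry in data/DSA/list names only CVE-2024-31080, CVE-2024-31081 and CVE-2024-31083. If the omission is deliberate, given that the issue is marked unimportant and the NOTE ties it to the XQuartz component, a short NOTE line here saying the fix arrived with the DSA-5657-1 uploads would keep readers from taking it for a missed cross-reference. Otherwise, add CVE-2024-31082 to the DSA entry.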


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[12 Apr 2024] DSA-5657-1 xorg-server - security update
+	{CVE-2024-31080 CVE-2024-31081 CVE-2024-31083}
+	[bullseye] - xorg-server 2:1.20.11-1+deb11u13
+	[bookworm] - xorg-server 2:21.1.7-3+deb12u7
 [11 Apr 2024] DSA-5656-1 chromium - security update
 	{CVE-2024-3157 CVE-2024-3515 CVE-2024-3516}
 	[bookworm] - chromium 123.0.6312.122-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -96,9 +96,5 @@ webkit2gtk (berto)
 --
 wpa
 --
-xorg-server (carnil)
-  Regression by last round: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
-  Holding back update until addressed, cf. #1068470
---
 zabbix
 --
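Review bot: The removed xorg-server block recorded that the update was being held back for the regression in xserver issue 1659 (cf. #1068470), and nothing in this commit states that the versions now listed contain the regression fix. The context NOTE under CVE-2024-31083 in data/CVE/list points at a follow-up commit for a regression; stating in the commit message that 2:21.1.7-3+deb12u7 and 2:1.20.11-1+deb11u13 include it would preserve the reason the hold was lifted.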



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44506406315b832ed6de260c1c8125bb87bdcf71
