[Git][security-tracker-team/security-tracker][master] Add tracking of (old) new issues fixed in xkbcomp

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
501f4473 by Salvatore Bonaccorso at 2025-12-03T08:14:05+01:00
Add tracking of (old) new issues fixed in xkbcomp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -577513,8 +577513,13 @@ CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbc
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
+	- x11-xkb-utils <unfixed>
+	[trixie] - x11-xkb-utils <no-dsa> (Minor issue)
+	[bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
+	NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/fa10dbc2ca8bcb45bcecb433520de755e628ca91
 CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkb ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577525,16 +577530,26 @@ CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
+	- x11-xkb-utils <unfixed>
+	[trixie] - x11-xkb-utils <no-dsa> (Minor issue)
+	[bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
+	NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/c342635409cd687da0eda323ef4f165b11565052
 CVE-2018-15860
 	RESERVED
 CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ExprResolve ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
+	- x11-xkb-utils <unfixed>
+	[trixie] - x11-xkb-utils <no-dsa> (Minor issue)
+	[bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
+	NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/895e080b237e346a43a31edf9dee6143c2abf230
 CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in CopyKeyA ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577569,8 +577584,13 @@ CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and libx
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
+	- x11-xkb-utils <unfixed>
+	[trixie] - x11-xkb-utils <no-dsa> (Minor issue)
+	[bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
+	NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/da836764573298c53c625c6c237ab5211b2d3adf
 CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerabi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/501f4473cffb2263f961e984758a573b802782da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/501f4473cffb2263f961e984758a573b802782da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/f5f80b80/attachment-0001.htm>