[Git][security-tracker-team/security-tracker][master] Demote all (old) new xkbcomp issues to unimportant
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 3 07:42:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0882485e by Salvatore Bonaccorso at 2025-12-03T08:42:16+01:00
Demote all (old) new xkbcomp issues to unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -577513,13 +577513,12 @@ CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbc
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
[jessie] - libxkbcommon <no-dsa> (Minor issue)
- - x11-xkb-utils <unfixed>
- [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
- [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+ - x11-xkb-utils <unfixed> (unimportant)
NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/fa10dbc2ca8bcb45bcecb433520de755e628ca91
+ NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in CLI tool
CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkb ...)
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577530,26 +577529,24 @@ CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
[jessie] - libxkbcommon <no-dsa> (Minor issue)
- - x11-xkb-utils <unfixed>
- [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
- [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+ - x11-xkb-utils <unfixed> (unimportant)
NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/c342635409cd687da0eda323ef4f165b11565052
+ NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in CLI tool
CVE-2018-15860
RESERVED
CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ExprResolve ...)
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
[jessie] - libxkbcommon <no-dsa> (Minor issue)
- - x11-xkb-utils <unfixed>
- [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
- [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+ - x11-xkb-utils <unfixed> (unimportant)
NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/895e080b237e346a43a31edf9dee6143c2abf230
+ NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in CLI tool
CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in CopyKeyA ...)
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577584,13 +577581,12 @@ CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and libx
- libxkbcommon 0.8.2-1 (low; bug #907302)
[stretch] - libxkbcommon <ignored> (Minor issue)
[jessie] - libxkbcommon <no-dsa> (Minor issue)
- - x11-xkb-utils <unfixed>
- [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
- [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+ - x11-xkb-utils <unfixed> (unimportant)
NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
NOTE: https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/da836764573298c53c625c6c237ab5211b2d3adf
+ NOTE: For x11-xkb-utils/xkbcomp negligible security impact
CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
NOT-FOR-US: Technicolor
CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerabi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0882485e9648b29a5119fcf0a20e64077d1c732a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0882485e9648b29a5119fcf0a20e64077d1c732a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/675ff017/attachment.htm>
More information about the debian-security-tracker-commits
mailing list