[Git][security-tracker-team/security-tracker][master] Add two new xorg-server issues

Tue, 12 Dec 2023 21:39:05 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b928913e by Salvatore Bonaccorso at 2023-12-13T06:38:17+01:00
Add two new xorg-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7989,6 +7989,18 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was 
discovered to use a hardcoded
        NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key 
without any  ...)
        NOT-FOR-US: light-oauth2
+CVE-2023-6478 [Out-of-bounds memory read in RRChangeOutputProperty and 
RRChangeProviderProperty]
+       - xorg-server <unfixed>
+       - xwayland <unfixed>
+       [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
+       NOTE: 
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
+CVE-2023-6377 [Out-of-bounds memory write in XKB button actions]
+       - xorg-server <unfixed>
+       - xwayland <unfixed>
+       [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
+       NOTE: 
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
 CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This 
issue oc ...)
        - xorg-server <unfixed> (bug #1055426)
        [bookworm] - xorg-server <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b928913eb3e47c15e99d2dc8bc979d10a0340e73

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b928913eb3e47c15e99d2dc8bc979d10a0340e73
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to