[Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update

Fri, 12 Apr 2024 13:27:09 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44506406 by Salvatore Bonaccorso at 2024-04-12T22:26:16+02:00
Reserve DSA number for xorg-server update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3639,6 +3639,8 @@ CVE-2024-31083 (A use-after-free vulnerability was found 
in the ProcRenderAddGly
        NOTE: Followup to fix regression: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04
 CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the 
X.org ser ...)
        - xorg-server 2:21.1.11-3 (unimportant)
+       [bookworm] - xorg-server 2:21.1.7-3+deb12u7
+       [bullseye] - xorg-server 2:1.20.11-1+deb11u13
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
        NOTE: Affects the XQuartz (X11 server and client libraries for macOS) 
component


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[12 Apr 2024] DSA-5657-1 xorg-server - security update
+       {CVE-2024-31080 CVE-2024-31081 CVE-2024-31083}
+       [bullseye] - xorg-server 2:1.20.11-1+deb11u13
+       [bookworm] - xorg-server 2:21.1.7-3+deb12u7
 [11 Apr 2024] DSA-5656-1 chromium - security update
        {CVE-2024-3157 CVE-2024-3515 CVE-2024-3516}
        [bookworm] - chromium 123.0.6312.122-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -96,9 +96,5 @@ webkit2gtk (berto)
 --
 wpa
 --
-xorg-server (carnil)
-  Regression by last round: 
https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
-  Holding back update until addressed, cf. #1068470
---
 zabbix
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44506406315b832ed6de260c1c8125bb87bdcf71

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44506406315b832ed6de260c1c8125bb87bdcf71
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to