[Git][security-tracker-team/security-tracker][master] Demote all (old) new xkbcomp issues to unimportant

Salvatore Bonaccorso (@carnil) Tue, 02 Dec 2025 23:42:43 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0882485e by Salvatore Bonaccorso at 2025-12-03T08:42:16+01:00
Demote all (old) new xkbcomp issues to unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -577513,13 +577513,12 @@ CVE-2018-15863 (Unchecked NULL pointer usage in 
ResolveStateAndPredicate in xkbc
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
        [jessie] - libxkbcommon <no-dsa> (Minor issue)
-       - x11-xkb-utils <unfixed>
-       [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
-       [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+       - x11-xkb-utils <unfixed> (unimportant)
        NOTE: 
https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
        NOTE: 
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
        NOTE: 
https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/fa10dbc2ca8bcb45bcecb433520de755e628ca91
+       NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in 
CLI tool
 CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in 
xkbcomp/expr.c in xkb ...)
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577530,26 +577529,24 @@ CVE-2018-15861 (Unchecked NULL pointer usage in 
ExprResolveLhs in xkbcomp/expr.c
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
        [jessie] - libxkbcommon <no-dsa> (Minor issue)
-       - x11-xkb-utils <unfixed>
-       [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
-       [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+       - x11-xkb-utils <unfixed> (unimportant)
        NOTE: 
https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
        NOTE: 
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
        NOTE: 
https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/c342635409cd687da0eda323ef4f165b11565052
+       NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in 
CLI tool
 CVE-2018-15860
        RESERVED
 CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in 
ExprResolve ...)
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
        [jessie] - libxkbcommon <no-dsa> (Minor issue)
-       - x11-xkb-utils <unfixed>
-       [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
-       [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+       - x11-xkb-utils <unfixed> (unimportant)
        NOTE: 
https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
        NOTE: 
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
        NOTE: 
https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/895e080b237e346a43a31edf9dee6143c2abf230
+       NOTE: For x11-xkb-utils/xkbcomp negligible security impact, crash in 
CLI tool
 CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in 
CopyKeyA ...)
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
@@ -577584,13 +577581,12 @@ CVE-2018-15853 (Endless recursion exists in 
xkbcomp/expr.c in xkbcommon and libx
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <ignored> (Minor issue)
        [jessie] - libxkbcommon <no-dsa> (Minor issue)
-       - x11-xkb-utils <unfixed>
-       [trixie] - x11-xkb-utils <no-dsa> (Minor issue)
-       [bookworm] - x11-xkb-utils <no-dsa> (Minor issue)
+       - x11-xkb-utils <unfixed> (unimportant)
        NOTE: 
https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
        NOTE: 
https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/03/1
        NOTE: 
https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/da836764573298c53c625c6c237ab5211b2d3adf
+       NOTE: For x11-xkb-utils/xkbcomp negligible security impact
 CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause 
a denial ...)
        NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF 
vulnerabi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0882485e9648b29a5119fcf0a20e64077d1c732a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0882485e9648b29a5119fcf0a20e64077d1c732a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Demote all (old) new xkbcomp issues to unimportant

Reply via email to