Source: xorg-server Version: 2:1.16.4-1 Severity: grave Tags: upstream patch security Justification: user security hole
Hi, the following vulnerabilities were published for xorg-server, filling the bug to track it int the BTS. CVE-2017-10971[0]: | In the X.Org X server before 2017-06-19, a user authenticated to an X | Session could crash or execute code in the context of the X Server by | exploiting a stack overflow in the endianness conversion of X Events. CVE-2017-10972[1]: | Uninitialized data in endianness conversion in the XEvent handling of | the X.Org X Server before 2017-06-19 allowed authenticated malicious | users to access potentially privileged data from the X server. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-10971 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971 [1] https://security-tracker.debian.org/tracker/CVE-2017-10972 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972 [2] https://bugzilla.suse.com/show_bug.cgi?id=1035283 Could you please check back with team@s.d.o if those warrant a DSA. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
