Univention Bugzilla – Bug 57006
xorg-server: Multiple issues (5.0)
Last modified: 2024-01-31 15:39:44 CET
New Debian xorg-server 2:1.20.4-1+deb10u13 fixes:

This update addresses the following issues:

2:1.20.4-1+deb10u13 (Thu, 25 Jan 2024 19:20:11 +0100)
* Non-maintainer upload by the LTS team.
* Xi: require a pointer and keyboard device for XIAttachToMaster
* dix: allocate enough space for logical button maps (CVE-2023-6816)
* dix: Allocate sufficient xEvents for our DeviceStateNotify (CVE-2024-0229)
* dix: fix DeviceStateNotify event calculation (CVE-2024-0229)
* Xi: when creating a new ButtonClass, set the number of buttons (CVE-2024-0229)
* Xi: flush hierarchy events after adding/removing master devices (CVE-2024-21885)
* Xi: do not keep linked list pointer during recursion (CVE-2024-21886)
* dix: when disabling a master, float disabled slaved devices too (CVE-2024-21886)
* ephyr,xwayland: Use the proper private key for cursor
* glx: Call XACE hooks on the GLX buffer
* dix: Fix use after free in input device shutdown
--- mirror/ftp/pool/main/x/xorg-server/xorg-server_1.20.4-1+deb10u12.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/xorg-server_1.20.4-1+deb10u13.dsc @@ -1,3 +1,21 @@ +2:1.20.4-1+deb10u13 [Thu, 25 Jan 2024 19:20:11 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Xi: require a pointer and keyboard device for XIAttachToMaster + * dix: allocate enough space for logical button maps (CVE-2023-6816) + * dix: Allocate sufficient xEvents for our DeviceStateNotify (CVE-2024-0229) + * dix: fix DeviceStateNotify event calculation (CVE-2024-0229) + * Xi: when creating a new ButtonClass, set the number of buttons + (CVE-2024-0229) + * Xi: flush hierarchy events after adding/removing master devices + (CVE-2024-21885) + * Xi: do not keep linked list pointer during recursion (CVE-2024-21886) + * dix: when disabling a master, float disabled slaved devices too + (CVE-2024-21886) + * ephyr,xwayland: Use the proper private key for cursor + * glx: Call XACE hooks on the GLX buffer + * dix: Fix use after free in input device shutdown + 2:1.20.4-1+deb10u12 [Sun, 17 Dec 2023 13:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-6/#526020864104610196>
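Review bot: several added entries in the 2:1.20.4-1+deb10u13 block carry no CVE or bug reference, while every other fix line in the hunk names its CVE. This applies to the XIAttachToMaster entry and the final three entries, of which "glx: Call XACE hooks on the GLX buffer" and "dix: Fix use after free in input device shutdown" read as security-relevant. Each of these should cite an identifier or upstream commit, or state explicitly that none was assigned, so the erratum can be audited against the CVE list it announces.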
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-6] 365e175c6e Bug #57006: xorg-server 2:1.20.4-1+deb10u13
 doc/errata/staging/xorg-server.yaml | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

[5.0-6] db46654952 Bug #57006: xorg-server 2:1.20.4-1+deb10u13
 doc/errata/staging/xorg-server.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x935>