Your message dated Tue, 29 Oct 2024 21:38:23 +0000
with message-id <e1t5tux-007wkt...@fasolo.debian.org>
and subject line Bug#1086244: fixed in xorg-server 2:21.1.14-1
has caused the Debian Bug report #1086244,
regarding xorg-server: CVE-2024-9632
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1086244: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086244
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:21.1.13-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Julien Cristau <jcris...@debian.org>, car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2:21.1.7-3+deb12u7
Control: found -1 2:21.1.7-1
Control: fixed -1 2:21.1.7-3+deb12u8
Control: clone -1 -2
Control: reassign -2 src:xwayland 2:24.1.3-1
Control: severity -2 important
Control: retitle -2 xwayland: CVE-2024-9632
Hi,
The following vulnerability was published for xorg-server.
CVE-2024-9632[0]:
| xkb: Fix buffer overflow in _XkbSetCompatMap()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-9632
https://www.cve.org/CVERecord?id=CVE-2024-9632
[1] https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:21.1.14-1
Done: Julien Cristau <jcris...@debian.org>
We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1086...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <jcris...@debian.org> (supplier of updated xorg-server package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Oct 2024 17:25:14 +0100
Source: xorg-server
Architecture: source
Version: 2:21.1.14-1
Distribution: unstable
Urgency: high
Maintainer: Debian X Strike Force <debia...@lists.debian.org>
Changed-By: Julien Cristau <jcris...@debian.org>
Closes: 1086244
Changes:
 xorg-server (2:21.1.14-1) unstable; urgency=high
 .
   * New upstream release
     + CVE-2024-9632: Heap-based buffer overflow privilege escalation in
       _XkbSetCompatMap (closes: #1086244)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---