xorg-server: CVE-2023-0494

Related Vulnerabilities: CVE-2023-0494  

Debian Bug report logs - #1030777
xorg-server: CVE-2023-0494

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 7 Feb 2023 12:45:02 UTC

Severity: grave

Tags: security, upstream

Found in versions xorg-server/2:21.1.6-1, xorg-server/2:1.20.11-1+deb11u4

Fixed in versions xorg-server/2:1.20.11-1+deb11u5, xorg-server/2:21.1.7-1

Done: Julien Cristau <jcristau@debian.org>


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#1030777; Package src:xorg-server. (Tue, 07 Feb 2023 12:45:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian X Strike Force <debian-x@lists.debian.org>. (Tue, 07 Feb 2023 12:45:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xorg-server: CVE-2023-0494
Date: Tue, 07 Feb 2023 13:41:07 +0100
Source: xorg-server
Version: 2:21.1.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2:1.20.11-1+deb11u4
Control: fixed -1 2:1.20.11-1+deb11u5

Hi,

The following vulnerability was published for xorg-server.

CVE-2023-0494[0]:
| Xi: fix potential use-after-free in DeepCopyPointerClasses

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-0494
[1] https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

Regards,
Salvatore



Marked as found in versions xorg-server/2:1.20.11-1+deb11u4. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 07 Feb 2023 12:45:05 GMT)


Marked as fixed in versions xorg-server/2:1.20.11-1+deb11u5. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 07 Feb 2023 12:45:06 GMT)


Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Tue, 07 Feb 2023 13:39:06 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 07 Feb 2023 13:39:06 GMT)


Message #14 received at 1030777-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1030777-close@bugs.debian.org
Subject: Bug#1030777: fixed in xorg-server 2:21.1.7-1
Date: Tue, 07 Feb 2023 13:35:27 +0000
Source: xorg-server
Source-Version: 2:21.1.7-1
Done: Julien Cristau <jcristau@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1030777@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 07 Feb 2023 14:15:45 +0100
Source: xorg-server
Architecture: source
Version: 2:21.1.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 1030777
Changes:
 xorg-server (2:21.1.7-1) unstable; urgency=medium
 .
   * New upstream release
     + Xi: fix potential use-after-free in DeepCopyPointerClasses
       (CVE-2023-0494, closes: #1030777)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Feb 8 13:06:52 2023; Machine Name: bembo
