Debian Bug report logs -
Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 25 Aug 2020 12:33:00 UTC
Tags: security, upstream
Found in v ...
Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, which leaks uninitialized heap memory to clients.
When the X server runs with elevated privileges, this flaw can lead to an ASLR bypass, which, when combined with other flaws (known/unknown), could lead to privilege elevation in the client ...
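The flaw class described above, as an added example that is not the X server's code: a constructed one-chunk toy heap shows how a pixmap whose header alone is initialised hands stale heap bytes to whoever reads its pixels, and how zeroing the whole allocation removes them. `toy_malloc`, `toy_pixmap`, `alloc_pixmap` and `stale_bytes_visible` are hypothetical names, and the "secret" is a constructed string.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 128            /* toy heap: a single recycled chunk */
static uint8_t *chunk;       /* keeps old bytes, like a freed malloc block */

typedef struct {
    uint16_t width, height;
    uint8_t  data[];         /* pixel bytes a client may read back */
} toy_pixmap;

/* Hand out the recycled chunk; contents are whatever the last user left. */
static void *toy_malloc(size_t n)
{
    if (!chunk) chunk = malloc(CHUNK);
    return (chunk && n <= CHUNK) ? chunk : NULL;
}

/* zero=0: flawed, header only is set; zero=1: hardened, calloc semantics. */
toy_pixmap *alloc_pixmap(uint16_t w, uint16_t h, int zero)
{
    size_t n = sizeof(toy_pixmap) + (size_t)w * h;
    toy_pixmap *p = toy_malloc(n);
    if (!p) return NULL;
    if (zero) memset(p, 0, n);
    p->width = w; p->height = h;
    return p;
}

/* Returns 1 if a client reading a fresh 8x8 pixmap sees earlier server data. */
int stale_bytes_visible(int zero)
{
    static const char secret[] = "0x7ffd-constructed-pointer"; /* constructed */
    uint8_t *old = toy_malloc(CHUNK);         /* earlier server allocation */
    if (!old) return -1;
    memset(old, 0, CHUNK);
    memcpy(old + 16, secret, sizeof secret);  /* then "freed" and recycled */
    toy_pixmap *p = alloc_pixmap(8, 8, zero);
    if (!p) return -1;
    for (size_t i = 0; i + sizeof secret <= 64; i++)   /* client read-back */
        if (memcmp(p->data + i, secret, sizeof secret) == 0) return 1;
    return 0;
}

int main(void)
{   /* exit 0 when the unzeroed path exposes the bytes and the zeroed one does not */
    return !(stale_bytes_visible(0) == 1 && stale_bytes_visible(1) == 0);
}
```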
Several vulnerabilities have been discovered in the X.Org X server.
Missing input sanitising in X server extensions may result in local
privilege escalation if the X server is configured to run with root
privileges. In addition an ASLR bypass was fixed.
For the stable distribution (buster), these problems have been fixed in
version 2:1.20.4-1+deb10 ...