Hi,
On Thu, Jan 18, 2024 at 02:30:08PM +0100, Salvatore Bonaccorso wrote:
> Source: xorg-server
> Version: 2:21.1.11-1
> Severity: important
> Tags: upstream
> X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org,
> t...@security.debian.org
>
> While
Source: xorg-server
Version: 2:21.1.11-1
Severity: important
Tags: upstream
X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org,
t...@security.debian.org
While preparing the update for xorg-server for bookworm an autopkgtest
regression in uqm was seen. The same is shown with the
Source: xorg-server
Version: 2:21.1.9-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2:21.1.7-3
Control: found -1 2:21.1.7-3+deb12u2
Control: found -1
Control: tags -1 + moreinfo
On Wed, Jun 21, 2023 at 08:18:59PM -0400, zezamoral wrote:
> Package: libx11-xcb1
> Version: 2:1.8.4-2+deb12u1
> Severity: normal
> X-Debbugs-Cc: sazamor...@gmail.com, t...@security.debian.org
>
> Dear Maintainer,
>
>* What led up to the situation?
> secur
Source: libx11
Source-Version: 2:1.8.6-1
----- Forwarded message from Debian FTP Masters -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 16 Jun 2023 14:36:12 +0200
Source: libx11
Architecture: source
Version: 2:1.8.6-1
Distribution: unstable
Urgency: medium
Maintai
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libx11.
CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11
If you fix the vulnerability please also make su
Source: renderdoc
Version: 1.24+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for renderdoc.
CVE-2023-33863[0]:
| integer overflow to heap-based buffer overflow
CVE-2023-33864[1]:
| int
Source: xorg-server
Version: 2:21.1.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2:1.20.11-1+deb11u4
Control: fixed -1 2:1.20.11-1+deb11u5
Hi,
The following vulnerability was published for xo
ad of gunzip
+ * debian/rules: configure: Set explicitly runtime paths for {,un}compress
+and gzip.
+
+ -- Salvatore Bonaccorso Mon, 16 Jan 2023 21:01:44 +0100
+
libxpm (1:3.5.12-1) unstable; urgency=medium
[ Andreas Boll ]
diff -u libxpm-3.5.12/debian/patches/series libxpm-3.5.12/debian/pa
Hi Timo,
On Wed, Dec 14, 2022 at 12:01:53PM +0200, Timo Aaltonen wrote:
> Salvatore Bonaccorso kirjoitti 14.12.2022 klo 11.42:
> > >
> > > btw, there's a typo in one of the CVE's, it's -46283 not -4283:
> > >
> > > https://lists.
hi Timo,
On Wed, Dec 14, 2022 at 11:28:39AM +0200, Timo Aaltonen wrote:
> Salvatore Bonaccorso kirjoitti 14.12.2022 klo 11.19:
> > Source: xorg-server
> > Version: 2:21.1.4-3
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
>
Source: xorg-server
Version: 2:21.1.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for xorg-server.
CVE-2022-4283[0]:
| xkb: reset the radio_groups pointer to NU
ixman-0.40.0/debian/changelog
--- pixman-0.40.0/debian/changelog
+++ pixman-0.40.0/debian/changelog
@@ -1,3 +1,11 @@
+pixman (0.40.0-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Avoid integer overflow leading to out-of-bounds write (CVE-2022-44638)
+(Closes: #1023427)
+
+ -- Salv
Source: pixman
Version: 0.40.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pixman.
CVE-2022
Hi Emilio,
On Sat, Aug 06, 2022 at 11:25:10AM +0200, Emilio Pozuelo Monfort wrote:
> On 05/08/2022 16:41, Salvatore Bonaccorso wrote:
> > Hi Emilio,
> >
> > On Fri, Aug 05, 2022 at 10:17:16AM +0200, Salvatore Bonaccorso wrote:
> > > Hi Emilio
> > >
> >
Hi Emilio,
On Fri, Aug 05, 2022 at 10:17:16AM +0200, Salvatore Bonaccorso wrote:
> Hi Emilio
>
> On Fri, Aug 05, 2022 at 10:13:45AM +0200, Emilio Pozuelo Monfort wrote:
> > Hi,
> >
> > I have prepared an update for xorg-server, addressing CVE-2022-2319 and
> > C
Hi Emilio
On Fri, Aug 05, 2022 at 10:13:45AM +0200, Emilio Pozuelo Monfort wrote:
> Hi,
>
> I have prepared an update for xorg-server, addressing CVE-2022-2319 and
> CVE-2022-2320. I have tested it on my development machine without any issues
> so far, and I'm not aware of any upstream regression
Source: xorg-server
Version: 2:21.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for xorg-server.
CVE-2022-2319[0]:
| ZDI-CAN-16062: X.Org Server ProcXkbSetGeo
Source: xterm
Version: 370-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for xterm.
CVE-2022-24130[0]:
| xterm through Patch 370, when Sixel support is enabled, allows
| attackers to trigger a bu
FTR, after the update in unstable of firefox-esr/91.2.0esr-1 the
behaviour is gone.
Regards,
Salvatore
Related: https://bugzilla.mozilla.org/show_bug.cgi?id=1678804
Hi,
On Fri, Sep 17, 2021 at 02:15:50PM +0200, Sylvain Tgz wrote:
> Hello,
>
> Thank you for your reply.
> I didn't know graphic rendering specificities of firefox. Thank you
> for the information.
>
> I opened the bug on libegl-mesa0 because it was the first packet of
> dependencies list.
> I us
Control: severity -1 grave
Hi,
On Tue, May 18, 2021 at 09:13:18PM +0200, Salvatore Bonaccorso wrote:
> Source: libx11
> Version: 2:1.7.0-2
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> T
Source: libx11
Version: 2:1.7.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libx11.
CVE-2021-31535[0]:
| Missing request length checks
If you fix the vulnerability please also make sure to
Source: linux
Source-Version: 3.8-1~experimental.1
On Fri, Dec 14, 2012 at 01:56:38AM -0500, P. J. McDermott wrote:
> On 2012-12-13 13:27, Jonathan Nieder wrote:
> > [...]
> >
> > Thanks for the offer. Since then, upstream has found a fix.
> >
> > | commit c7f7dd61fd07dbf938fc6ba711de07986d35ce
Control: retitle -1 Black screen at dual monitor with warn from
i915_gem_ww_ctx_backoff
Control: reassign -1 src:mesa 20.3.4-1
Control: forwarded -1 https://gitlab.freedesktop.org/mesa/mesa/-/issues/790
Hi,
On Mon, Mar 08, 2021 at 09:42:04PM +0100, Gert van de Kraats wrote:
> because wayland its
Control: tags -1 + fixed-upstream
Hi,
On Wed, Feb 10, 2021 at 11:28:43AM +0100, Salvatore Bonaccorso wrote:
> Source: xterm
> Version: 365-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi
>
> See
Source: xterm
Version: 365-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
See https://www.openwall.com/lists/oss-security/2021/02/09/7 which was
a followup to the screen issue.
Upstream said that there will be shortly a patch released (#36
Source: xorg-server
Version: 2:1.20.4-1+deb10u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2:1.20.4-1
Control: found -1 2:1.20.8-2
Control: found -1 2:1.20.9-2
Hi,
The following vulnerabilities were published for xorg-server.
Source: xorg-server
Version: 2:1.20.8-2
Severity: serious
Justification: FTBFS
X-Debbugs-Cc: car...@debian.org
Hi
When trying to build xorg-server 2:1.20.8-2 in unstable, the build
fails (on configure already) with:
configure: error: Xwayland build explicitly requested, but required modules not
Source: libx11
Version: 2:1.6.10-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libx11.
CVE-2020-14363[0]:
| Double free in libX11 locale handling code
If you fix the vulnerability please als
Source: xorg-server
Version: 2:1.20.8-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2:1.20.4-1
Hi,
The following vulnerability was published for xorg-server, filing the
bug for tracking.
CVE-2020-14347[0]:
| A flaw was fou
Source: libinput
Version: 1.12.6-2
Severity: normal
Tags: upstream fixed-upstream
Forwarded: https://gitlab.freedesktop.org/libinput/libinput/issues/291
Control: fixed -1 1.13.4-1
Hi
libinput has an issue which was reported upstream in
https://gitlab.freedesktop.org/libinput/libinput/issues/291 a
Source: mesa
Version: 19.2.1-1
Severity: important
Tags: security upstream
Forwarded:
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
Control: found -1 19.2.3-1
Hi,
The following vulnerability was published for mesa.
CVE-2019-5068[0]:
| An exploitable shared memory per
Source: wayland
Version: 1.15.0-1
Severity: normal
Hi
Please include the debian/changelog entry for the 1.14.0-2. Cf.
#892031 for details (the BTS version tracking got confused). As the
issue was fixed as well in 1.15.0-1 this information is adapted in the
bug metadata, but would be nice to not l
Hi Héctor,
On Sun, Mar 04, 2018 at 12:37:38PM +0100, Héctor Orón Martínez wrote:
> Hello,
>
> I plan to fix the CVE issue in stable and oldstable:
> -
> https://salsa.debian.org/xorg-team/wayland/wayland/commit/2471b0463e9395bd981f8b875e3280f1fc6b995f
> -
> https://salsa.debian.org/xorg-tea
Hi Julien,
On Tue, Dec 12, 2017 at 11:33:41PM -0600, Julien Cristau wrote:
> FYI. libwayland-cursor0 has a bunch of reverse deps in stretch so this
> may be of interest, though I'm not sure in which cases there's a
> security boundary being crossed. (And we should fix this in sid in any
> case.)
Source: wayland
Version: 1.6.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=103961
Hi,
the following vulnerability was published for wayland.
CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
Source: libxfont
Version: 1:2.0.1-1
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for libxfont.
CVE-2017-16611[0]:
| In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker
| can open (but not read) files on the system as root, trig
cious files (CVE-2017-16612)
+(Closes: #883792)
+
+ -- Salvatore Bonaccorso Sat, 09 Dec 2017 08:45:47 +0100
+
libxcursor (1:1.1.14-3) unstable; urgency=medium
* Team upload.
diff -Nru libxcursor-1.1.14/debian/patches/Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch libxcursor-1
Source: libxcursor
Version: 1:1.1.14-1
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for libxcursor.
CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
| to heap buffer overflows when processing malicious
Source: xorg-server
Version: 2:1.16.4-1
Severity: grave
Tags: upstream patch security
Justification: user security hole
Hi,
the following vulnerabilities were published for xorg-server, filing
the bug to track it in the BTS.
CVE-2017-10971[0]:
| In the X.Org X server before 2017-06-19, a user
Source: libxdmcp
Version: 1:1.1.1-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for libxdmcp.
CVE-2017-2625[0]:
Weak entropy usage for session keys in libxdm
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabiliti
Source: libice
Version: 2:1.0.9-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for libice.
CVE-2017-2626[0]:
Weak Entropy Usage in Session Keys in libICE
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities &
Source: xorg-server
Version: 2:1.16.4-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for xorg-server.
CVE-2017-2624[0]:
Timing attack against MIT Cookie
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & E
Source: libxvmc
Version: 2:1.0.8-2
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libxvmc.
CVE-2016-7953[0]
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Source: libxtst
Version: 2:1.2.2-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libxtst.
CVE-2016-7951[0]:
for all of the integer overflows
CVE-2016-7952[1]:
for all of the other mishandling of the reply data
If you fix the vulnerabilit
Control: retitle -1 840443 CVE-2016-7949 CVE-2016-7950
there are actually two CVEs for libxrender. retitling. Reference in
security tracker under
https://security-tracker.debian.org/tracker/CVE-2016-7950
Source: libxrender
Version: 1:0.9.8-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libxrender.
CVE-2016-7949[0]
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog
Source: libxfixes
Version: 1:5.0.2-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libxfixes.
CVE-2016-7944[0]
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog en
Source: libxrandr
Version: 2:1.4.2-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libxrandr.
CVE-2016-7947[0]:
for all of the integer overflows
CVE-2016-7948[1]:
for all of the other mishandling of the reply data
If you fix the vulnerab
Source: libxi
Version: 2:1.7.4-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libxi.
CVE-2016-7945[0]:
for all of the integer overflows
CVE-2016-7946[1]:
for all of the other mishandling of the reply data
Note there is a regression in t
Source: libx11
Version: 2:1.6.2-3
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libx11.
CVE-2016-7942[0], CVE-2016-7943[1].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids i
Source: libxv
Version: 2:1.0.10-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libxv.
CVE-2016-5407[0]:
|Insufficient validation of server responses results in out-of bounds
|accesses
If you fix the vulnerability please also make sure to in
Source: xorg-server
Version: 2:1.16.4-1
Severity: grave
Tags: security upstream fixed-upstream
Hi Debian X Strike Force,
the following vulnerability was published for xorg-server. Note, not
sure on the severity here, so please feel free to downgrade to a lesser
severity if you disagree.
CVE-2015-3164