[ubuntu/groovy-proposed] xorg-server 2:1.20.8-2ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Sep 2 14:31:14 UTC 2020


xorg-server (2:1.20.8-2ubuntu5) groovy; urgency=medium

  * SECURITY UPDATE: Integer underflow in the X input extension protocol
    - debian/patches/CVE-2020-14346.patch: properly calculate length in
      Xi/xichangehierarchy.c.
    - CVE-2020-14346
  * SECURITY UPDATE: server memory leak
    - debian/patches/CVE-2020-14347.patch: initialize memory in
      dix/pixmap.c.
    - CVE-2020-14347
  * SECURITY UPDATE: Integer Underflow Privilege Escalation
    - debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
      xkb/xkbSwap.c.
    - CVE-2020-14361
  * SECURITY UPDATE: Integer Underflow Privilege Escalation
    - debian/patches/CVE-2020-14362.patch: properly calculate lengths in
      record/record.c.
    - CVE-2020-14362
  * debian/control: add libffi-dev to Build-Depends to fix FTBFS.

Date: Wed, 02 Sep 2020 09:55:00 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.8-2ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Sep 2020 09:55:00 -0400
Source: xorg-server
Architecture: source
Version: 2:1.20.8-2ubuntu5
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 xorg-server (2:1.20.8-2ubuntu5) groovy; urgency=medium
 .
   * SECURITY UPDATE: Integer underflow in the X input extension protocol
     - debian/patches/CVE-2020-14346.patch: properly calculate length in
       Xi/xichangehierarchy.c.
     - CVE-2020-14346
   * SECURITY UPDATE: server memory leak
     - debian/patches/CVE-2020-14347.patch: initialize memory in
       dix/pixmap.c.
     - CVE-2020-14347
   * SECURITY UPDATE: Integer Underflow Privilege Escalation
     - debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
       xkb/xkbSwap.c.
     - CVE-2020-14361
   * SECURITY UPDATE: Integer Underflow Privilege Escalation
     - debian/patches/CVE-2020-14362.patch: properly calculate lengths in
       record/record.c.
     - CVE-2020-14362
   * debian/control: add libffi-dev to Build-Depends to fix FTBFS.
Checksums-Sha1:
 58a69705523554b887bbe87e5533481ec389e4e3 4563 xorg-server_1.20.8-2ubuntu5.dsc
 5f8c0ad63c22b4fb9439df47ec93a11254b96205 218929 xorg-server_1.20.8-2ubuntu5.diff.gz
 623b6abbf60e2fcc59ef49b4ae89e1d55ee52d1b 11950 xorg-server_1.20.8-2ubuntu5_source.buildinfo
Checksums-Sha256:
 0f6e01be9aad01244c00c8612fc6ece955c44a673d1e8881267498ef2a12d07e 4563 xorg-server_1.20.8-2ubuntu5.dsc
 9f5f24f713fbb8e88cac781bc3ae0cd4e9ab3aa80b715e6c4b8d7ed85bdd8e0e 218929 xorg-server_1.20.8-2ubuntu5.diff.gz
 85ce8d245b2ef9cf07b6b7d13a2cc9ac188a5703978830fcd503d5f292750d6f 11950 xorg-server_1.20.8-2ubuntu5_source.buildinfo
Files:
 83c9d9838946cbfcbc9265683d08f71a 4563 x11 optional xorg-server_1.20.8-2ubuntu5.dsc
 23c9790ac2cc185a3f37a183feba7539 218929 x11 optional xorg-server_1.20.8-2ubuntu5.diff.gz
 4427e974d8d75cf8a49babd6fa9de906 11950 x11 optional xorg-server_1.20.8-2ubuntu5_source.buildinfo
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9Pq8cACgkQZWnYVadE
vpP0Eg/+JnuqMgstNcRAA12qwipyTri94TwqcLVv2mVRRc9Z098LuzNlViM7M2S2
c8Cs88rMpIDy5Rqy7t5TLcmVmOTOtDkn33UqvnodH3ZjzbYbPahlQhYb+2CYSmaC
XC/hecdR/L8nsQXpTBdedA/4Wdoa1nwuJhCv618Yj1w5WciwpXxJuTlzMGBRMaft
zqSR2NDVhHAf5fykAEpS66BoM8NJPCC1u+HX9uZYdKlHzyjpBmVpDkpnaZn9BwWV
I6jZCi+QpOkfV/RrKXvD/M+YBkIc+yBq3dNj93qpNCR3bprh/gmouxpYEnwnbDrX
x4JuE3EN32sRNOjlcDF2IhrkVqF+cgOFLZZdD9p0tWtAZgRzlII3+e1FC0SlEsKI
erSpuoGu8DV11anRo3kOakkBLfLOMK1CDtYrExI/8IUc7cVqNKsm20UTqrfWJU0a
ZX4FU5sTbTLsQeGWypU/PYofPVtHMvdtEe8DPC+nfXCU+EOeru+uUjFCauzORcFM
5/BRctZkhFwPnrg4o1aIn2V8tlTlBocaD3eTl/fXq2byT07fAxccUxqNFtwtvmip
+UFgfp0wv0Es9ypZwd2ch18AMrat4qLG5yeqx8LMm29Tw3g17uYlI/iQSxyiw6kn
xVK/fkuZ1hIsAXLlGTDnlKF3UTLf6iGdAKnkwK6IweUsDmVOTNs=
=mHez
-----END PGP SIGNATURE-----


More information about the Groovy-changes mailing list