[ubuntu/jammy-proposed] xorg-server 2:1.20.13-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Dec 14 17:56:15 UTC 2021


xorg-server (2:1.20.13-1ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: SProcRenderCompositeGlyphs out-of-bounds access
    - debian/patches/CVE-2021-4008.patch: check lengths in render/render.c.
    - CVE-2021-4008
  * SECURITY UPDATE: SProcXFixesCreatePointerBarrier out-of-bounds access
    - debian/patches/CVE-2021-4009.patch: use sizes in xfixes/cursor.c.
    - CVE-2021-4009
  * SECURITY UPDATE: SProcScreenSaverSuspend out-of-bounds access
    - debian/patches/CVE-2021-4010.patch: fix logic in Xext/saver.c.
    - CVE-2021-4010
  * SECURITY UPDATE: SwapCreateRegister out-of-bounds access
    - debian/patches/CVE-2021-4011.patch: fix length in record/record.c.
    - CVE-2021-4011

Date: Tue, 14 Dec 2021 11:11:36 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 14 Dec 2021 11:11:36 -0500
Source: xorg-server
Built-For-Profiles: noudeb
Architecture: source
Version: 2:1.20.13-1ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 xorg-server (2:1.20.13-1ubuntu2) jammy; urgency=medium
 .
   * SECURITY UPDATE: SProcRenderCompositeGlyphs out-of-bounds access
     - debian/patches/CVE-2021-4008.patch: check lengths in render/render.c.
     - CVE-2021-4008
   * SECURITY UPDATE: SProcXFixesCreatePointerBarrier out-of-bounds access
     - debian/patches/CVE-2021-4009.patch: use sizes in xfixes/cursor.c.
     - CVE-2021-4009
   * SECURITY UPDATE: SProcScreenSaverSuspend out-of-bounds access
     - debian/patches/CVE-2021-4010.patch: fix logic in Xext/saver.c.
     - CVE-2021-4010
   * SECURITY UPDATE: SwapCreateRegister out-of-bounds access
     - debian/patches/CVE-2021-4011.patch: fix length in record/record.c.
     - CVE-2021-4011
Checksums-Sha1:
 382b836cf655ad9a7dd67cf24868138e83fe29c4 4455 xorg-server_1.20.13-1ubuntu2.dsc
 3385de33f756be22535a6a4b8f590955d883218e 224852 xorg-server_1.20.13-1ubuntu2.diff.gz
 e9379654cd37353cee1f9231120b82c2bf877b73 12128 xorg-server_1.20.13-1ubuntu2_source.buildinfo
Checksums-Sha256:
 d418217d1fb32fa3e4b78ad6d250afc6e5d7e7f165cd591cb649ca67e88ca8e7 4455 xorg-server_1.20.13-1ubuntu2.dsc
 c39bdc00c5c50a3bede38eb54d45dd2d884a8d645d875a8137c66ec55768492b 224852 xorg-server_1.20.13-1ubuntu2.diff.gz
 1533cccd2ca22e57b93f325718269f69f14f7af34f29a5bde70aa7d7c9845d30 12128 xorg-server_1.20.13-1ubuntu2_source.buildinfo
Files:
 2b24911dc6ace54ae895817c96ea5894 4455 x11 optional xorg-server_1.20.13-1ubuntu2.dsc
 16e585ff39cca0470ffb11b8a638d7b4 224852 x11 optional xorg-server_1.20.13-1ubuntu2.diff.gz
 1d736e3c8354c19679e7a01ff977ad67 12128 x11 optional xorg-server_1.20.13-1ubuntu2_source.buildinfo
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>


More information about the jammy-changes mailing list