Format: 1.8 Date: Mon, 15 Jan 2024 10:45:41 -0500 Source: xorg-server Binary: xnest xserver-xephyr xserver-xorg-core xserver-xorg-dev xserver-xorg-legacy xvfb Built-For-Profiles: noudeb Architecture: ppc64el ppc64el_translations Version: 2:21.1.4-2ubuntu1.7~22.04.7 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: xnest - Nested X server xserver-xephyr - nested X server xserver-xorg-core - Xorg X server - core server xserver-xorg-dev - Xorg X server - development files xserver-xorg-legacy - setuid root Xorg server wrapper xvfb - Virtual Framebuffer 'fake' X server Changes: xorg-server (2:21.1.4-2ubuntu1.7~22.04.7) jammy-security; urgency=medium . * SECURITY UPDATE: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer - debian/patches/CVE-2023-6816.patch: allocate enough space for logical button maps in Xi/xiquerypointer.c, dix/enterleave.c. - CVE-2023-6816 * SECURITY UPDATE: Reattaching to different master device may lead to out-of-bounds memory access - debian/patches/CVE-2024-0229-1.patch: allocate sufficient xEvents for our DeviceStateNotify in dix/enterleave.c. - debian/patches/CVE-2024-0229-2.patch: fix DeviceStateNotify event calculation in dix/enterleave.c. - debian/patches/CVE-2024-0229-3.patch: when creating a new ButtonClass, set the number of buttons in Xi/exevents.c. - debian/patches/CVE-2024-0229-4.patch: require a pointer and keyboard device for XIAttachToMaster in Xi/xichangehierarchy.c. - CVE-2024-0229 * SECURITY UPDATE: SELinux unlabeled GLX PBuffer - debian/patches/CVE-2024-0408.patch: call XACE hooks on the GLX buffer in glx/glxcmds.c. - CVE-2024-0408 * SECURITY UPDATE: SELinux context corruption - debian/patches/CVE-2024-0409.patch: use the proper private key for cursor in hw/kdrive/ephyr/ephyrcursor.c. - CVE-2024-0409 * SECURITY UPDATE: Heap buffer overflow in XISendDeviceHierarchyEvent - debian/patches/CVE-2024-21885.patch: flush hierarchy events after adding/removing master devices in Xi/xichangehierarchy.c. - CVE-2024-21885 * SECURITY UPDATE: Heap buffer overflow in DisableDevice - debian/patches/CVE-2024-21886-1.patch: do not keep linked list pointer during recursion in dix/devices.c. - debian/patches/CVE-2024-21886-2.patch: when disabling a master, float disabled slaved devices too in dix/devices.c. - CVE-2024-21886 Checksums-Sha1: 8bb6f2c2f8a6ad9f2611683c6102bb04a1fee537 2910748 xnest-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 36fd5d3e6ba0d5d1c0415122d1b288323c816b5c 885260 xnest_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb c31a71ccb1728b099ce78fddc2f58bb05b293303 15704 xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el.buildinfo cd69ee96a5226c4ea4dd4cc1fada1475e86edafb 27931 xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el_translations.tar.gz e107461386311b97e3f3f672df280223f5fa5c8a 4272896 xserver-xephyr-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb be46c1d41feb11ce0e775558dc8db35eb5612341 1253282 xserver-xephyr_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb a1624e10924aa88129f6c6f1bddd45253246c1f0 6258858 xserver-xorg-core-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb cd7f64b3df088b97f9e127e3390fe558803b3b0c 1812592 xserver-xorg-core_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb cdf7771bd06a4dc4e487b2c337063fc38559c6ae 203624 xserver-xorg-dev_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 2708990f6c6d098375e58e6f195a5852f447d722 10078 xserver-xorg-legacy-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb e248af214c7829d9b6dbb6f1704b4538e7494b44 36064 xserver-xorg-legacy_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 8bdb8b3ba1709cb268a9fbb45b44f110c5fad992 3546944 xvfb-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 5a3477ca19701f5c2de947678ac95799635b9d6f 1067898 xvfb_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb Checksums-Sha256: 68685c2d466defc09a6d4821032f6509b04e7e008bb3b129d792f7321e77a6f5 2910748 xnest-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 99eaf468191119d234ab1af9aac3ce43b7aa8cef1dd8af7830699cfb3d458e7f 885260 xnest_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 1bbed12f0e59477bfccc219e85d980c89c33f90713a9edaf11131f3e7e472a17 15704 xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el.buildinfo c969118ea3963a2fc6932258b5cbed2b09fa2fb6294fa44318aee4cc3b00c1dc 27931 xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el_translations.tar.gz 1649cc4b6c0b7f14b10813bd8f8ef0f9319cee133bd823996834008f7ef28c34 4272896 xserver-xephyr-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 8c5a2eff8402149bbe74feed075faf1480ddcbbd2e461c82cbdaf5eded483725 1253282 xserver-xephyr_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 004faa851eb0a321248b3d0b6ebb10c9a430837a9e5a0a8a5d6f928dda5d8fca 6258858 xserver-xorg-core-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb ddc2f42e7fcfef9492eb025c18db3bc8736242a29afe00a057a2ebad774f50b6 1812592 xserver-xorg-core_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 7965c90ceb9a64188e8518a5e67762abf85066e038c82a4b347e5dacb192b714 203624 xserver-xorg-dev_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 9d183a1922180bb3ef9dc23c6c33db82e1f56eb13ce7ceed025c50b31217aaf5 10078 xserver-xorg-legacy-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb e80b5fa803b495e50c1cdb6da63e2c964e06e8fddcb5ac36773ede9ce69926d9 36064 xserver-xorg-legacy_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb ac14f958a39be22a61c685cb0f8758942b2b051047846aeadc396225d382da34 3546944 xvfb-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb d1b3a948ae634f0bfdad0c21f97605432419747307b8b1f4f54dbbe7fb0b2d0d 1067898 xvfb_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb Files: e80a5753c83b00cd16f2ab71ca869bda 2910748 debug optional xnest-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 6b3a08b1f649296f726bc46cc48f2ba1 885260 x11 optional xnest_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb c0ca636b2053fc73898d61cab3f58ca8 15704 x11 optional xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el.buildinfo 97cbc2ec1a228d8c603a5c77d7bb050d 27931 raw-translations - xorg-server_21.1.4-2ubuntu1.7~22.04.7_ppc64el_translations.tar.gz 5c712e4498340e766762651940e7a565 4272896 debug optional xserver-xephyr-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 4d2fe5e805eef94a2fbb1978366aced2 1253282 x11 optional xserver-xephyr_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb cb7c2c7e1edeb959109e12977efef2ea 6258858 debug optional xserver-xorg-core-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 2bda1f5b5ed1a744a171741020d98b58 1812592 x11 optional xserver-xorg-core_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb c3eb3b17967a5ca7823e9e112ecdec47 203624 x11 optional xserver-xorg-dev_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 5d85398064305a91aeea0ebcfc44b181 10078 debug optional xserver-xorg-legacy-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 2872dbe0711961fb06aaef2241ae88cc 36064 x11 optional xserver-xorg-legacy_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb 6d3395941e6f5f1804058e679bc7097d 3546944 debug optional xvfb-dbgsym_21.1.4-2ubuntu1.7~22.04.7_ppc64el.ddeb 9e5f8ebe50f586971fe5ec005331310b 1067898 x11 optional xvfb_21.1.4-2ubuntu1.7~22.04.7_ppc64el.deb Original-Maintainer: Debian X Strike Force