Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
X
xorg-server
Manage
Activity
Members
Labels
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
pkg
xorg-server
Commits
9a9ce397
Commit
9a9ce397
authored
2 years ago
by
Ritesh Raj Sarraf
Browse files
Options
Downloads
Plain Diff
Merge updates from debian/bullseye-security
parents
f87e6480
35a1a047
No related branches found
No related tags found
4 merge requests
!45
Merge changes from apertis/v2022-security into apertis/v2022
,
!42
Backport Debian Bullseye Security/Updates
,
!41
Backport Debian Bullseye Security/Updates
,
!40
Update from debian/bullseye-security for apertis/v2024dev1
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
debian/changelog
+6
-0
6 additions, 0 deletions
debian/changelog
debian/patches/20_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
+30
-0
30 additions, 0 deletions
...i-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
debian/patches/series
+1
-0
1 addition, 0 deletions
debian/patches/series
with
37 additions
and
0 deletions
debian/changelog
+
6
−
0
View file @
9a9ce397
xorg-server (2:1.20.11-1+deb11u5) bullseye-security; urgency=high
* Xi: fix potential use-after-free in DeepCopyPointerClasses (CVE-2023-0494)
-- Julien Cristau <jcristau@debian.org> Wed, 01 Feb 2023 15:11:18 +0100
xorg-server (2:1.20.11-1+deb11u4+apertis1) apertis; urgency=medium
xorg-server (2:1.20.11-1+deb11u4+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
* Sync updates from Debian Bullseye Security.
...
...
This diff is collapsed.
Click to expand it.
debian/patches/20_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
0 → 100644
+
30
−
0
View file @
9a9ce397
From 7150ba655c0cc08fa6ded309b81265bb672f2869 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 25 Jan 2023 11:41:40 +1000
Subject: [PATCH xserver] Xi: fix potential use-after-free in
DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN 19596
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/exevents.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -575,8 +575,10 @@
DeepCopyPointerClasses(DeviceIntPtr from
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
- else
+ else {
free(to->button->xkb_acts);
+ to->button->xkb_acts = NULL;
+ }
memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));
This diff is collapsed.
Click to expand it.
debian/patches/series
+
1
−
0
View file @
9a9ce397
...
@@ -20,3 +20,4 @@ disable-libgl-in-xwayland.patch
...
@@ -20,3 +20,4 @@ disable-libgl-in-xwayland.patch
17_Xi-return-an-error-from-XI-property-changes-if-verif.patch
17_Xi-return-an-error-from-XI-property-changes-if-verif.patch
18_Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
18_Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
19_xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
19_xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
20_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
