Date:      Fri, 15 Jul 2022 22:55:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        x11@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 265244] x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320
Message-ID:  <bug-265244-7141-99ZDZ2POzi@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-265244-7141@https.bugs.freebsd.org/bugzilla/>
References:  <bug-265244-7141@https.bugs.freebsd.org/bugzilla/>

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 (Nobody)
<x11@FreeBSD.org> for maintainer-feedback:
Bug 265244: x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265244



--- Description ---
https://www.theregister.com/2022/07/13/xorg_servers_updated/
https://lists.x.org/archives/xorg/2022-July/061035.html

CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access
CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
Access

Not totally sure if xorg-server-1.20.14 is vulnerable to this (vs
xorg-server-21.1.x).  Portscout thinks we need an upgrade, but I'm pretty sure
that just falls under the tyranny of higher-value-found and
please-don't-screw-with-numbering-schemes.


