Date: Fri, 15 Jul 2022 22:55:28 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265244] x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320 Message-ID: <bug-265244-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265244 Bug ID: 265244 Summary: x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: x11@FreeBSD.org Reporter: warlock@phouka.net Flags: maintainer-feedback?(x11@FreeBSD.org) Assignee: x11@FreeBSD.org https://www.theregister.com/2022/07/13/xorg_servers_updated/ https://lists.x.org/archives/xorg/2022-July/061035.html CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Not totally sure if xorg-server-1.20.14 is vulnerable to this (vs xorg-server-21.1.x). Portscout thinks we need an upgrade, but I'm pretty s= ure that just falls under the tyranny of higher-value-found and please-don't-screw-with-numbering-schemes. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-265244-7788>