Date: Tue, 04 Apr 2023 17:36:18 +0000
From: bugzilla-noreply@freebsd.org
To: x11@FreeBSD.org
Subject: [Bug 270540] x11-servers/xorg-server: CVE-2023-1393
Message-ID: <bug-270540-7141-ASR2EitEXr@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-270540-7141@https.bugs.freebsd.org/bugzilla/>
References: <bug-270540-7141@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270540

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0449a8492b3bd067d809faf3fdfe30a0f3345247

commit 0449a8492b3bd067d809faf3fdfe30a0f3345247
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-04-01 11:03:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-04-04 17:32:59 +0000

    x11-servers/xorg-server: update to 21.1.8

    This fixes:

    * ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window
      Use-After-Free Local Privilege Escalation Vulnerability

      If a client explicitly destroys the compositor overlay window (aka
      COW), the Xserver would leave a dangling pointer to that window in
      the CompScreen structure, which will trigger a use-after-free later.

    PR:             270540
    Approved by:    x11 (maintainer)
    MFH:            2023Q2
    Security:       96d84238-b500-490b-b6aa-2b77090a0410

 x11-servers/xorg-server/Makefile | 2 +-
 x11-servers/xorg-server/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.