[Bug 265244] x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 15 Jul 2022 22:55:28 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265244

            Bug ID: 265244
           Summary: x11-servers/xorg-server: CVE-2022-2319 and
                    CVE-2022-2320
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: x11@FreeBSD.org
          Reporter: warlock@phouka.net
             Flags: maintainer-feedback?(x11@FreeBSD.org)

https://www.theregister.com/2022/07/13/xorg_servers_updated/
https://lists.x.org/archives/xorg/2022-July/061035.html

CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access
CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
Access

Not totally sure if xorg-server-1.20.14 is vulnerable to this (vs
xorg-server-21.1.x).  Portscout thinks we need an upgrade, but I'm pretty sure
that just falls under the tyranny of higher-value-found and
please-don't-screw-with-numbering-schemes.
