-
xwayland (2:22.1.3-2ubuntu0.4) kinetic-security; urgency=medium
* SECURITY UPDATE: Overlay Window Use-After-Free
- debian/patches/CVE-2023-1393.patch: fix use-after-free of the COW in
composite/compwindow.c.
- CVE-2023-1393
-- Marc Deslauriers <email address hidden> Wed, 29 Mar 2023 09:04:26 -0400
-
xwayland (2:22.1.3-2ubuntu0.3) kinetic-security; urgency=medium
* SECURITY UPDATE: DeepCopyPointerClasses use-after-free
- debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
Xi/exevents.c.
- CVE-2023-0494
-- Marc Deslauriers <email address hidden> Tue, 07 Feb 2023 08:05:25 -0500
-
xwayland (2:22.1.3-2ubuntu0.2) kinetic-security; urgency=medium
* SECURITY UPDATE: XTestSwapFakeInput stack overflow
- debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
XTestSwapFakeInput in Xext/xtest.c.
- CVE-2022-46340
* SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
- debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
detail > 255 in Xi/xipassivegrab.c.
- CVE-2022-46341
* SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
- debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
turning off from the same client in Xext/xvmain.c.
- CVE-2022-46342
* SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
- debian/patches/CVE-2022-46343.patch: free the screen saver resource
when replacing it in Xext/saver.c.
- CVE-2022-46343
* SECURITY UPDATE: XIChangeProperty out-of-bounds access
- debian/patches/CVE-2022-46344-1.patch: return an error from XI
property changes if verification failed in Xi/xiproperty.c.
- debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
length check of ProcXIChangeProperty in Xi/xiproperty.c.
- CVE-2022-46344
* SECURITY UPDATE: XkbGetKbdByName use-after-free
- debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
NULL after freeing it in xkb/xkbUtils.c.
- CVE-2022-4283
-- Marc Deslauriers <email address hidden> Wed, 07 Dec 2022 09:10:55 -0500
-
xwayland (2:22.1.3-2ubuntu0.1) kinetic-security; urgency=medium
* SECURITY UPDATE: GetCountedString Buffer Overflow
- debian/patches/CVE-2022-3550.patch: add a check for client->req_len
size for _GetCountedString in xkb/xkb.c.
- CVE-2022-3550
* SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
- debian/patches/CVE-2022-3551.patch: add calls to free allocated
memory if the execution reaches failures in ProcXkbGetKbdByName
in xkb/xkb.c.
- CVE-2022-3551
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 22 Nov 2022 16:36:36 -0300
-
xwayland (2:22.1.3-2) unstable; urgency=medium
[ Daniel van Vugt ]
* Add xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch
-- Timo Aaltonen <email address hidden> Thu, 25 Aug 2022 13:03:43 +0300
-
xwayland (2:22.1.3-1) unstable; urgency=medium
* New upstream release.
- CVE-2022-2319, CVE-2022-2320
-- Timo Aaltonen <email address hidden> Tue, 26 Jul 2022 14:39:48 +0300
-
xwayland (2:22.1.2-1ubuntu1) kinetic; urgency=medium
* SECURITY UPDATE: ProcXkbSetGeometry Out-Of-Bounds Access
- debian/patches/CVE-2022-2319-pre1.patch: switch to array index loops
to moving pointers in xkb/xkb.c.
- debian/patches/CVE-2022-2319.patch: add request length validation for
XkbSetGeometry in xkb/xkb.c.
- CVE-2022-2319
* SECURITY UPDATE: ProcXkbSetDeviceInfo Out-Of-Bounds Access
- debian/patches/CVE-2022-2320.patch: swap XkbSetDeviceInfo and
XkbSetDeviceInfoCheck in xkb/xkb.c.
- CVE-2022-2320
-- Marc Deslauriers <email address hidden> Tue, 12 Jul 2022 11:22:34 -0400
-
xwayland (2:22.1.2-1) unstable; urgency=medium
* New upstream release.
-- Timo Aaltonen <email address hidden> Thu, 02 Jun 2022 15:16:00 +0300
-
xwayland (2:22.1.1-1) unstable; urgency=medium
* New upstream release.
-- Timo Aaltonen <email address hidden> Fri, 01 Apr 2022 09:40:47 +0300
