Bug#1022560: marked as done (libx11: CVE-2022-3554)
Your message dated Thu, 3 Nov 2022 10:22:28 +0100
with message-id <Y2OIVGVYJLeqxn+B@eldamar.lan>
and subject line Re: Bug#1022560: libx11: CVE-2022-3554
has caused the Debian Bug report #1022560,
regarding libx11: CVE-2022-3554
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1022560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022560
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: libx11: CVE-2022-3554
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Sun, 23 Oct 2022 23:20:52 +0200
- Message-id: <Y1WwNJWG63siLCw4@pisco.westfalen.local>
Source: libx11
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libx11.
CVE-2022-3554[0]:
| A vulnerability has been found in X.org libX11 and classified as
| problematic. This vulnerability affects the function
| _XimRegisterIMInstantiateCallback of the file
| modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It
| is recommended to apply a patch to fix this issue. VDB-211054 is the
| identifier assigned to this vulnerability.
https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-3554
https://www.cve.org/CVERecord?id=CVE-2022-3554
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
- To: Moritz Mühlenhoff <jmm@inutil.org>, 1022560-done@bugs.debian.org
- Subject: Re: Bug#1022560: libx11: CVE-2022-3554
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 3 Nov 2022 10:22:28 +0100
- Message-id: <Y2OIVGVYJLeqxn+B@eldamar.lan>
- In-reply-to: <Y1WwNJWG63siLCw4@pisco.westfalen.local>
- References: <Y1WwNJWG63siLCw4@pisco.westfalen.local>
Hi,
On Sun, Oct 23, 2022 at 11:20:52PM +0200, Moritz Mühlenhoff wrote:
> Source: libx11
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for libx11.
>
> CVE-2022-3554[0]:
> | A vulnerability has been found in X.org libX11 and classified as
> | problematic. This vulnerability affects the function
> | _XimRegisterIMInstantiateCallback of the file
> | modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It
> | is recommended to apply a patch to fix this issue. VDB-211054 is the
> | identifier assigned to this vulnerability.
>
> https://gitlab.freedesktop.org/xorg/lib/libx11/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef
The CVE got rejected by its assigning CNA has withdrawn it (reason is
that further investigation apparently concluded it is not a security
issue).
Regards,
Salvatore
--- End Message ---
Reply to: