
Bug#1038133: marked as done (libx11: CVE-2023-3138)



Your message dated Sat, 24 Jun 2023 14:32:09 +0000
with message-id <E1qD4J7-005zRM-I0@fasolo.debian.org>
and subject line Bug#1038133: fixed in libx11 2:1.8.4-2+deb12u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
    https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.8.4-2+deb12u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038133@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:54:32 +0200
Source: libx11
Architecture: source
Version: 2:1.8.4-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1038133
Changes:
 libx11 (2:1.8.4-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
     (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb


--- End Message ---
