maintainer-feedback requested: [Bug 265244] x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 265244] x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 15 Jul 2022 22:55:28 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 (Nobody)
<x11@FreeBSD.org> for maintainer-feedback:
Bug 265244: x11-servers/xorg-server: CVE-2022-2319 and CVE-2022-2320
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265244



--- Description ---
https://www.theregister.com/2022/07/13/xorg_servers_updated/
https://lists.x.org/archives/xorg/2022-July/061035.html

CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access
CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
Access

Not totally sure if xorg-server-1.20.14 is vulnerable to this (vs
xorg-server-21.1.x).  Portscout thinks we need an upgrade, but I'm pretty sure
that just falls under the tyranny of higher-value-found and
please-don't-screw-with-numbering-schemes.