[Bug 270540] x11-servers/xorg-server: CVE-2023-1393
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 270540] x11-servers/xorg-server: CVE-2023-1393"
Date: Tue, 04 Apr 2023 17:36:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270540

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0449a8492b3bd067d809faf3fdfe30a0f3345247

commit 0449a8492b3bd067d809faf3fdfe30a0f3345247
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-04-01 11:03:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-04-04 17:32:59 +0000

    x11-servers/xorg-server: update to 21.1.8

    This fixes:

    * ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window
      Use-After-Free Local Privilege Escalation Vulnerability

      If a client explicitly destroys the compositor overlay window (aka
      COW), the Xserver would leave a dangling pointer to that window in
      the CompScreen structure, which will trigger a use-after-free later.

    PR:             270540
    Approved by:    x11 (maintainer)
    MFH:            2023Q2
    Security:       96d84238-b500-490b-b6aa-2b77090a0410

 x11-servers/xorg-server/Makefile | 2 +-
 x11-servers/xorg-server/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
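
Added example, not part of the original message and not X.Org code: a simplified C model of the lifecycle bug the commit message describes, where a cached overlay-window pointer outlives the window, beside a destroy path that clears the cache first. The `Window` type, the `overlay_win` field and all function names are assumptions; a static pool stands in for the allocator so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the X.Org definitions. */
typedef struct { int id; bool live; } Window;
typedef struct { Window *overlay_win; } CompScreen; /* cached COW pointer */

#define MAX_WINDOWS 4
static Window pool[MAX_WINDOWS]; /* static pool: stale pointers stay safe to inspect */

static Window *window_create(int id) {
    for (size_t i = 0; i < MAX_WINDOWS; i++)
        if (!pool[i].live) {
            pool[i].id = id;
            pool[i].live = true;
            return &pool[i];
        }
    return NULL;
}

/* Behaviour described in the commit message: window released, cache untouched. */
static void destroy_unpatched(CompScreen *cs, Window *w) {
    (void)cs;
    w->live = false;
}

/* Hardened path: drop the cached reference before releasing the window. */
static void destroy_patched(CompScreen *cs, Window *w) {
    if (cs->overlay_win == w)
        cs->overlay_win = NULL;
    w->live = false;
}

/* Bit 0: cache points at a destroyed window. Bit 1: it aliases a later window. */
static int run_scenario(void (*destroy)(CompScreen *, Window *)) {
    for (size_t i = 0; i < MAX_WINDOWS; i++) pool[i].live = false;
    CompScreen cs = { .overlay_win = window_create(1) };
    destroy(&cs, cs.overlay_win);            /* client destroys the overlay */
    int dangling = cs.overlay_win != NULL && !cs.overlay_win->live;
    Window *other = window_create(2);        /* freed slot is reused */
    int aliased = cs.overlay_win != NULL && cs.overlay_win == other;
    return dangling | (aliased << 1);
}

int main(void) {
    printf("unpatched: %d\n", run_scenario(destroy_unpatched));
    printf("patched:   %d\n", run_scenario(destroy_patched));
    return 0;
}
```

In the unpatched run the cached pointer ends up referring to an unrelated window created afterwards, which is why clearing every cached reference belongs in the destroy path itself.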