security update regression tracking bug
Bug #2051536 reported by
Marc Deslauriers
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xorg-server (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Jammy |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Mantic |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Noble |
Fix Released
|
Undecided
|
Unassigned | ||
xwayland (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Mantic |
Fix Released
|
Undecided
|
Unassigned | ||
Noble |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
USN-6587-1 fixed security issues in X.Org. A commit was missing which may result in a regression (memory leak).
See:
https:/
https:/
https:/
CVE References
Changed in xorg-server (Ubuntu Noble): | |
status: | New → Fix Released |
Changed in xorg-server (Ubuntu Focal): | |
status: | New → In Progress |
Changed in xorg-server (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in xorg-server (Ubuntu Mantic): | |
status: | New → In Progress |
Changed in xorg-server (Ubuntu Focal): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in xorg-server (Ubuntu Jammy): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in xorg-server (Ubuntu Mantic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in xwayland (Ubuntu Focal): | |
status: | New → Invalid |
Changed in xwayland (Ubuntu Mantic): | |
status: | New → Fix Released |
Changed in xwayland (Ubuntu Noble): | |
status: | New → Fix Released |
Changed in xwayland (Ubuntu Jammy): | |
status: | New → In Progress |
To post a comment you must log in.
This bug was fixed in the package xorg-server - 2:1.20. 13-1ubuntu1~ 20.04.15
--------------- 13-1ubuntu1~ 20.04.15) focal-security; urgency=medium
xorg-server (2:1.20.
* SECURITY REGRESSION: memory leak due to incomplete fix (LP: #2051536) patches/ CVE-2024- 21886-3. patch: fix use after free in input
- debian/
device shutdown in dix/devices.c.
-- Marc Deslauriers <email address hidden> Mon, 29 Jan 2024 07:44:21 -0500