[Bug 1949553] Re: Backport packages for 20.04.4 HWE stack

Launchpad Bug Tracker 1949553 at bugs.launchpad.net
Tue Dec 14 18:07:55 UTC 2021 

This bug was fixed in the package xorg-server -
2:1.20.13-1ubuntu1~20.04.2

---------------
xorg-server (2:1.20.13-1ubuntu1~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: SProcRenderCompositeGlyphs out-of-bounds access
    - debian/patches/CVE-2021-4008.patch: check lengths in render/render.c.
    - CVE-2021-4008
  * SECURITY UPDATE: SProcXFixesCreatePointerBarrier out-of-bounds access
    - debian/patches/CVE-2021-4009.patch: use sizes in xfixes/cursor.c.
    - CVE-2021-4009
  * SECURITY UPDATE: SProcScreenSaverSuspend out-of-bounds access
    - debian/patches/CVE-2021-4010.patch: fix logic in Xext/saver.c.
    - CVE-2021-4010
  * SECURITY UPDATE: SwapCreateRegister out-of-bounds access
    - debian/patches/CVE-2021-4011.patch: fix length in record/record.c.
    - CVE-2021-4011

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 14 Dec 2021
09:14:13 -0500

** Changed in: xorg-server (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4008

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4009

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4010

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4011

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libdrm in Ubuntu.
https://bugs.launchpad.net/bugs/1949553

Title:
  Backport packages for 20.04.4 HWE stack

Status in libdrm package in Ubuntu:
  Invalid
Status in mesa package in Ubuntu:
  Invalid
Status in xorg-server package in Ubuntu:
  Invalid
Status in libdrm source package in Focal:
  Fix Committed
Status in mesa source package in Focal:
  In Progress
Status in xorg-server source package in Focal:
  Fix Released

Bug description:
  [Impact]

  These are needed for 20.04.4 images.

  [Test case]

  Boot a daily image, see that it still has the necessary stack
  installed and working.

  [What could go wrong]

  libdrm: adds some new api, no changes to old stuff

  llvm-13: a new package, no regression potential on it's own

  mesa: a new major release, but we'll pull the final stable release of
  21.2.x series, so there shouldn't be any regressions left at that
  point

  xserver: a new point-release, 1.20.x series is in deep maintenance
  mode, so there should be little chance of breakage

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdrm/+bug/1949553/+subscriptions

More information about the foundations-bugs mailing list