[ubuntu/plucky-proposed] xwayland 2:24.1.5-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 26 13:19:17 UTC 2025
xwayland (2:24.1.5-1ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: Use-after-free of the root cursor
    - debian/patches/CVE-2025-26594-1.patch: refuse to free the root cursor
      in dix/dispatch.c.
    - debian/patches/CVE-2025-26594-2.patch: keep a ref to the rootCursor
      in dix/main.c.
    - CVE-2025-26594
  * SECURITY UPDATE: Buffer overflow in XkbVModMaskText()
    - debian/patches/CVE-2025-26595.patch: fix bounds check in
      xkb/xkbtext.c.
    - CVE-2025-26595
  * SECURITY UPDATE: Heap overflow in XkbWriteKeySyms()
    - debian/patches/CVE-2025-26596.patch: fix computation of
      XkbSizeKeySyms in xkb/xkb.c.
    - CVE-2025-26596
  * SECURITY UPDATE: Buffer overflow in XkbChangeTypesOfKey()
    - debian/patches/CVE-2025-26597.patch: also resize key actions in
      xkb/XKBMisc.c.
    - CVE-2025-26597
  * SECURITY UPDATE: Out-of-bounds write in CreatePointerBarrierClient()
    - debian/patches/CVE-2025-26598.patch: fix barrier device search in
      Xi/xibarriers.c.
    - CVE-2025-26598
  * SECURITY UPDATE: Use of uninitialized pointer in compRedirectWindow()
    - debian/patches/CVE-2025-26599-1.patch: handle failure to redirect in
      composite/compalloc.c.
    - debian/patches/CVE-2025-26599-2.patch: initialize border clip even
      when pixmap alloc fails in composite/compalloc.c.
    - CVE-2025-26599
  * SECURITY UPDATE: Use-after-free in PlayReleasedEvents()
    - debian/patches/CVE-2025-26600.patch: dequeue pending events on frozen
      device on removal in dix/devices.c.
    - CVE-2025-26600
  * SECURITY UPDATE: Use-after-free in SyncInitTrigger()
    - debian/patches/CVE-2025-26601-1.patch: do not let sync objects
      uninitialized in Xext/sync.c.
    - debian/patches/CVE-2025-26601-2.patch: check values before applying
      changes in Xext/sync.c.
    - debian/patches/CVE-2025-26601-3.patch: do not fail
      SyncAddTriggerToSyncObject() in Xext/sync.c.
    - debian/patches/CVE-2025-26601-4.patch: apply changes last in
      SyncChangeAlarmAttributes() in Xext/sync.c.
    - CVE-2025-26601

Date: Wed, 19 Feb 2025 09:56:40 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.5-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 19 Feb 2025 09:56:40 -0500
Source: xwayland
Built-For-Profiles: noudeb
Architecture: source
Version: 2:24.1.5-1ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>