ports/xorg (3.5): [notify] xorg-server: 1.20.10. Fixes for CVE-2020-14360, CVE-2020-25712
commit d139c538191733ae53cbd8d28ce3275f95aabcdc
Author: Fredrik Rinnestam <fredrik@crux.nu>
Date: Tue Dec 1 19:02:53 2020 +0100

[notify] xorg-server: 1.20.10. Fixes for CVE-2020-14360, CVE-2020-25712

Multiple input validation failures in X server XKB extension
============================================================

These issues can lead to privilege elevation for authorized clients on
systems where the X server is running privileged.

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
buffer overflow on the heap in the X server.

diff --git a/xorg-server/.signature b/xorg-server/.signature index b16c38d7..7e6329ea 100644 --- a/xorg-server/.signature +++ b/xorg-server/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/xorg.pub -RWTSGWF5Q7TndLiXG/Mse5mSkOO2Qzva0uXLVaAem+/I1MX/GcGGnjNs2okLKyzG3wB5Yffqou//IE6o6W/IQ9jld2nVIqqATQQ= -SHA256 (Pkgfile) = 5e27a4794eae50de0b5ed40522481ba0889d31016808f081cc50b16aee5a0b83 +RWTSGWF5Q7TndGMXoWb+WtrcCadowj6ixbUkX1TOFZ+ysPp8DAjN6UvkF+9DZlb3fulCIF8Oe3YAI+gG02W3ayt3glv/hreengk= +SHA256 (Pkgfile) = ed42a86d4d3166f51df11f3e82373fd8e52a10056620a818986e19a45d870083 SHA256 (.footprint) = d159a275a4868001332954580ab4f70976c97a80334b157023935b36722e50cd -SHA256 (xorg-server-1.20.9.tar.bz2) = e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571 +SHA256 (xorg-server-1.20.10.tar.bz2) = 977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99 diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile index 66cf40f5..abb39b04 100644 --- a/xorg-server/Pkgfile +++ b/xorg-server/Pkgfile 
@@ -4,7 +4,7 @@ # Depends on: libepoxy xorg-bdftopcf xorg-font-util xorg-libdmx xorg-libxaw xorg-libxcomposite xorg-libxcursor xorg-libxfont2 xorg-libxft xorg-libxinerama xorg-libxkbfile xorg-libxres xorg-libxtst xorg-libxxf86dga xorg-mkfontscale xorg-xcb-util-keysyms name=xorg-server -version=1.20.9 +version=1.20.10 release=1 source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2)
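Review bot: In the .signature hunk the `SHA256 (.footprint)` line is unchanged context while the Pkgfile and tarball hashes are both replaced, so nothing in the patch shows that the footprint was regenerated against a 1.20.10 build. Please confirm the port was rebuilt and the installed file list really is identical, and say so in the commit message. The new `SHA256 (xorg-server-1.20.10.tar.bz2)` value is also the only thing pinning the tarball that `source=` fetches, so it is worth noting that it was compared with upstream's published checksum or signature before the port was signed.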