FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9e2fdfc7-e237-4393-9fa5-2d50908c66b3	xorg-server -- Multiple vulnerabilities The X.Org project reports: ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array. ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed. Discovery 2023-10-25 Entry 2023-10-25 xorg-server xephyr xorg-vfbserver < 21.1.9,1 xorg-nestserver < 21.1.9,2 xwayland < 23.2.2,1 xwayland-devel < 21.0.99.1.542 https://lists.x.org/archives/xorg-announce/2023-October/003430.html CVE-2023-5367 CVE-2023-5380

VuXML ID

Description

9e2fdfc7-e237-4393-9fa5-2d50908c66b3

xorg-server -- Multiple vulnerabilities

The X.Org project reports:

ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty
When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array.

ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow
This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed.

Discovery 2023-10-25
Entry 2023-10-25
xorg-server
xephyr
xorg-vfbserver

< 21.1.9,1

xorg-nestserver

< 21.1.9,2

xwayland

< 23.2.2,1

xwayland-devel

< 21.0.99.1.542

https://lists.x.org/archives/xorg-announce/2023-October/003430.html
CVE-2023-5367
CVE-2023-5380