-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 17 Dec 2022 11:00:08 +0100 Source: xorg-server Architecture: source Version: 2:1.20.11-1+deb11u4 Distribution: bullseye-security Urgency: high Maintainer: Debian X Strike Force Changed-By: Salvatore Bonaccorso Closes: 1026071 Changes: xorg-server (2:1.20.11-1+deb11u4) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Xtest: disallow GenericEvents in XTestSwapFakeInput (CVE-2022-46340) (Closes: #1026071) * Xi: disallow passive grabs with a detail > 255 (CVE-2022-46341) (Closes: #1026071) * Xext: free the XvRTVideoNotify when turning off from the same client (CVE-2022-46342) (Closes: #1026071) * Xext: free the screen saver resource when replacing it (CVE-2022-46343) (Closes: #1026071) * Xi: return an error from XI property changes if verification failed * Xi: avoid integer truncation in length check of ProcXIChangeProperty (CVE-2022-46344) (Closes: #1026071) * xkb: reset the radio_groups pointer to NULL after freeing it (CVE-2022-4283) (Closes: #1026071) Checksums-Sha1: dde7bc1270bfc6f12a655ec97fde334ce092ab23 4391 xorg-server_1.20.11-1+deb11u4.dsc 8560c7840e9de0b48c4b66190173f05b0e439187 171268 xorg-server_1.20.11-1+deb11u4.diff.gz Checksums-Sha256: 51f66f51b2b3f561e7a27df6971d6849c03c26094962e4120bc54caeccf34bd4 4391 xorg-server_1.20.11-1+deb11u4.dsc 4d90bda023a50ea5f2558247c286bcd9242d321edae92a7d18e22e7112c6179b 171268 xorg-server_1.20.11-1+deb11u4.diff.gz Files: 88a91033cb3b049187acbd782beca174 4391 x11 optional xorg-server_1.20.11-1+deb11u4.dsc e4471c9b1a877b74928b6de8abc7157c 171268 x11 optional xorg-server_1.20.11-1+deb11u4.diff.gz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmOdm7tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EW0QP/0lnXwSMBo6VNBIIlDnHSo4dhfrwE2VS GcWb5diKV1VxA9ZZGmgoI2GegErCFPS+ZEjM3it0uqrQnHjzTZGZhV1XX0Hy59jB vR8RGZf+p5I/BeyodkuqnZa7lyERniP35chCfeLRAnpDY4ofdWBGenAK9TeB52w/ Uz10GgAd24CtpdfXvhZu9fSEh+Kw3a7C61px7rCpiAg7Y7+rXkodutWzeHpEwCv/ HrZEtx4A++yLaQVAdYUibj5vBNYuAGI4t70oww69aQ7nCRZN/65q5CZhivqoXhGr Qggvh5UwRLFCExw+Gclfo1zpArAlL0vWO79pVdc2vLu2HRyyvHeyT1So9sWc5wsS 8htPEzxC4KnlBarU8qlIo1xcSv8r93mrJGsqYdsTDFcGair70dLr16n+vcZfGw+V SM/UTsrIVIotYCcNZyadHiXrpXXgjUukNNzVuqLMFopeDDQsW5PWE7dprujnnJlA DCGESwc/EKxNaq5ZznQs43pk7G036y+bmpIFh1CMWdt6DFCbKd+w2eKCXWxflVy+ KJ2uWcBxtUWZX6+ya6VxiTwMvga1uqmPfUGxh4ZbPRd7796uAcB4ukmGceanIPi2 yUYsFRB9/vA4dxpLak/wd+P1Oxkk7D5ATAiL8qADqStLvjUW27ASaGo1KUFDpvsl 6Jm6WkG4Oepk =ZPzt -----END PGP SIGNATURE-----