xorg-server 2:1.20.13-1ubuntu1~20.04.5 source package in Ubuntu

Changelog

xorg-server (2:1.20.13-1ubuntu1~20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: XTestSwapFakeInput stack overflow
    - debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
      XTestSwapFakeInput in Xext/xtest.c.
    - CVE-2022-46340
  * SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
    - debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
      detail > 255 in Xi/xipassivegrab.c.
    - CVE-2022-46341
  * SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
    - debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
      turning off from the same client in Xext/xvmain.c.
    - CVE-2022-46342
  * SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
    - debian/patches/CVE-2022-46343.patch: free the screen saver resource
      when replacing it in Xext/saver.c.
    - CVE-2022-46343
  * SECURITY UPDATE: XIChangeProperty out-of-bounds access
    - debian/patches/CVE-2022-46344-1.patch: return an error from XI
      property changes if verification failed in Xi/xiproperty.c.
    - debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
      length check of ProcXIChangeProperty in Xi/xiproperty.c.
    - CVE-2022-46344
  * SECURITY UPDATE: XkbGetKbdByName use-after-free
    - debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
      NULL after freeing it in xkb/xkbUtils.c.
    - CVE-2022-4283

 -- Marc Deslauriers <email address hidden>  Wed, 07 Dec 2022 08:02:34 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Focal
Original maintainer:
Ubuntu X-SWAT
Architectures:
any all
Section:
x11
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xorg-server_1.20.13.orig.tar.gz 8.9 MiB 26f801f4d92216995f389873cf3b4e90069cf63e94bc5dd09ebbf7fd7e1ddcc2
xorg-server_1.20.13.orig.tar.gz.asc 618 bytes 6cf827ea8781809cb4516246a543202f62fbb1cb661253fb9c5fd67e6cee9a8b
xorg-server_1.20.13-1ubuntu1~20.04.5.diff.gz 229.0 KiB edf30fd4e5f97947db643bd70fa7d78de7f3442a00c84609588c70f46cb88a68
xorg-server_1.20.13-1ubuntu1~20.04.5.dsc 4.5 KiB be5a5eccb295e78f44ab35ca80fb80aa75e78bd387c8a7ad6db3d806e960ee1f

View changes file

Binary packages built by this source

xdmx: distributed multihead X server

 Xdmx is a proxy X server that uses one or more other X servers as its
 display device(s). It provides multi-head X functionality for displays that
 might be located on different machines. Xdmx functions as a front-end X server
 that acts as a proxy to a set of back-end X servers. All of the visible
 rendering is passed to the back-end X servers. Clients connect to the Xdmx
 front-end, and everything appears as it would in a regular multi-head
 configuration. If Xinerama is enabled (e.g., with +xinerama on the command
 line), the clients see a single large screen.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xdmx-dbgsym: debug symbols for xdmx
xdmx-tools: Distributed Multihead X tools

 This package provides a collection of tools used for administration of
 the Xdmx server; see the xdmx package for more information.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xdmx-tools-dbgsym: debug symbols for xdmx-tools
xnest: Nested X server

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xnest-dbgsym: debug symbols for xnest
xorg-server-source: Xorg X server - source files

 This package provides original Debian (with Debian patches already
 applied, and autotools files updated) sources for the X.Org ('Xorg')
 X server shipped in a tarball. This enables other projects re-using
 X server codebase (e.g. VNC servers) to (re-)use officially
 Debian-supported version of the X xserver for their builds.
 .
 Unless you are building a software product using X server sources,
 you probably want xserver-xorg and/or xserver-xorg-core instead.

xserver-common: common files used by various X servers

 This package provides files necessary for all X.Org based X servers.

xserver-xephyr: nested X server

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xephyr-dbgsym: debug symbols for xserver-xephyr
xserver-xorg-core: Xorg X server - core server

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-dbgsym: debug symbols for xserver-xorg-core
xserver-xorg-core-udeb: Xorg X server - core server

 This is a udeb, or a microdeb, for the debian-installer.

xserver-xorg-dev: Xorg X server - development files

 This package provides development files for the X.Org ('Xorg') X server.
 This is not quite the same as the DDK (Driver Development Kit) from the
 XFree86 4.x and X.Org 6.7, 6.8 and 6.9 series of servers; it provides
 headers and a pkg-config file for drivers using autotools to build
 against.
 .
 Unless you are developing or building a driver, you probably want
 xserver-xorg and/or xserver-xorg-core instead.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-legacy: setuid root Xorg server wrapper

 This package provides a wrapper for the Xorg X server, which is
 necessary for legacy drivers and non-Linux kernels.

xserver-xorg-legacy-dbgsym: debug symbols for xserver-xorg-legacy
xvfb: Virtual Framebuffer 'fake' X server

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xvfb-dbgsym: debug symbols for xvfb
xwayland: Xwayland X server

 This package provides an X server running on top of wayland, using wayland
 input devices for input and forwarding either the root window or individual
 top-level windows as wayland surfaces.

xwayland-dbgsym: debug symbols for xwayland