[bts-link] source package src:xserver-xorg-video-qxl
#
# bts-link upstream status pull for source package src:xserver-xorg-video-qxl
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#     https://bts-link-team.pages.debian.net/bts-link/
#

user debian-bts-l...@lists.debian.org

# remote status report for #1002143 (http://bugs.debian.org/1002143)
# Bug title: xserver-xorg-video-qxl: FTBFS: xf86Opt.h:44:10: error: two or more data types in declaration specifiers
#  * https://gitlab.freedesktop.org/xorg/driver/xf86-video-qxl/-/issues/12
#  * remote status changed: (?) -> opened
usertags 1002143 + status-opened

thanks

Bug#1004689: xterm: CVE-2022-24130
Source: xterm
Version: 370-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for xterm.

CVE-2022-24130[0]:
| xterm through Patch 370, when Sixel support is enabled, allows
| attackers to trigger a buffer overflow in set_sixel in
| graphics_sixel.c via crafted text.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24130
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
[1] https://www.openwall.com/lists/oss-security/2022/01/30/2
[3] https://www.openwall.com/lists/oss-security/2022/01/30/3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Processed: found 1004689 in 366-1, found 1004689 in 344-1+deb10u1, found 1004689 in 344-1
Processing commands for cont...@bugs.debian.org:

> found 1004689 366-1
Bug #1004689 [src:xterm] xterm: CVE-2022-24130
Marked as found in versions xterm/366-1.
> found 1004689 344-1+deb10u1
Bug #1004689 [src:xterm] xterm: CVE-2022-24130
Marked as found in versions xterm/344-1+deb10u1.
> found 1004689 344-1
Bug #1004689 [src:xterm] xterm: CVE-2022-24130
Marked as found in versions xterm/344-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
1004689: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004689: xterm: CVE-2022-24130
On Mon, Jan 31, 2022 at 08:37:03PM +0100, Salvatore Bonaccorso wrote:
> Source: xterm
> Version: 370-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was published for xterm.
>
> CVE-2022-24130[0]:
> | xterm through Patch 370, when Sixel support is enabled, allows
> | attackers to trigger a buffer overflow in set_sixel in
> | graphics_sixel.c via crafted text.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

changelog as usual reflects the actual report, not a succession of
secondhand information.

I applied a fix for the issue yesterday, which will be in #371.

For backports, do as suggested here:

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/x11/xterm/patches/patch-graphics__sixel.c

derived from

https://github.com/ThomasDickey/xterm-snapshots/blob/master/graphics_sixel.c

--
Thomas E. Dickey
https://invisible-island.net
ftp://ftp.invisible-island.net