CVE-2024-31080: The ProcXIGetSelectedEvents() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

CVE-2024-31081: The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

CVE-2024-31082: The ProcAppleDRICreatePixmap() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server. This function is only found in the Xquartz server for MacOS systems, and not in Xwayland, Xorg, or any other X servers.

CVE-2024-31083: The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs.

The above are fixed in xorg-server 21.1.12 and xwayland 23.2.5.
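The byte-swapped-length pattern described for CVE-2024-31080, CVE-2024-31081 and CVE-2024-31082, shown as an added example that is not the X server's code and not part of the original report. It is a simplified model with hypothetical names (`send_plan`, `plan_vulnerable`, `plan_fixed`, `overread`) and a constructed 8-byte payload, contrasting reuse of the swapped header field as a byte count with keeping the host-order count separate.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: wire_length is the reply header field (payload size in
 * 4-byte units, in the client's byte order); nbytes is what the server copies out. */
typedef struct { uint32_t wire_length; size_t nbytes; } send_plan;

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Flawed pattern: the header is swapped for the client first, then the
 * swapped field is reused as a host-order size. payload_bytes is a multiple of 4. */
send_plan plan_vulnerable(size_t payload_bytes, int client_swapped) {
    send_plan p = { (uint32_t)(payload_bytes / 4), 0 };
    if (client_swapped)
        p.wire_length = bswap32(p.wire_length);
    p.nbytes = (size_t)p.wire_length * 4;   /* wire value used as a size */
    return p;
}

/* Corrected pattern: fix the byte count in host order before any swapping. */
send_plan plan_fixed(size_t payload_bytes, int client_swapped) {
    send_plan p = { (uint32_t)(payload_bytes / 4), payload_bytes };
    if (client_swapped)
        p.wire_length = bswap32(p.wire_length);  /* header only */
    return p;
}

/* Bytes that would be read past the end of the real payload buffer. */
size_t overread(send_plan p, size_t payload_bytes) {
    return p.nbytes > payload_bytes ? p.nbytes - payload_bytes : 0;
}

int main(void) {
    size_t payload = 8;  /* constructed sample: two 4-byte units of reply data */
    for (int swapped = 0; swapped <= 1; swapped++) {
        send_plan v = plan_vulnerable(payload, swapped), f = plan_fixed(payload, swapped);
        printf("swapped=%d vulnerable: send %zu (over-read %zu), fixed: send %zu (over-read %zu)\n",
               swapped, v.nbytes, overread(v, payload), f.nbytes, overread(f, payload));
    }
    return 0;
}
```

With a same-endian client both variants send 8 bytes; with a swapped client the flawed variant computes a size far larger than the payload, while the corrected one still sends 8 bytes and only the header field is swapped.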

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7febe476aa2414645a436d1483a2e4dac2ff8f6b

commit 7febe476aa2414645a436d1483a2e4dac2ff8f6b
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-03 19:56:04 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-03 20:33:26 +0000

    x11-base/xwayland: Version bump to 23.2.5

    Bug: https://bugs.gentoo.org/927716
    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 .../libva-intel-media-driver-24.2.0.ebuild | 4 +-
 x11-base/xwayland/Manifest | 1 +
 x11-base/xwayland/xwayland-23.2.5.ebuild | 113 +++++++++++++++++++++
 3 files changed, 116 insertions(+), 2 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=784d8d4263c2a0f3631b3ad4aed6ce31a4aea1b6

commit 784d8d4263c2a0f3631b3ad4aed6ce31a4aea1b6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-03 22:51:55 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-03 22:56:51 +0000

    x11-base/xorg-server: Version bump to 21.1.12

    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest | 1 +
 x11-base/xorg-server/xorg-server-21.1.12.ebuild | 194 ++++++++++++++++++++++++
 2 files changed, 195 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ed4f356f44f3eaeac9f5649c9536ffa2f13cc02

commit 2ed4f356f44f3eaeac9f5649c9536ffa2f13cc02
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-21 21:05:03 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-21 21:07:13 +0000

    x11-base/xorg-server: Drop old versions

    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest | 2 -
 x11-base/xorg-server/xorg-server-21.1.11.ebuild | 195 ------------------------
 x11-base/xorg-server/xorg-server-21.1.12.ebuild | 194 -----------------------
 3 files changed, 391 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7aa6f1c19579b1f8c0dfb5c3e709a34f940d0e1

commit c7aa6f1c19579b1f8c0dfb5c3e709a34f940d0e1
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-25 16:03:18 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-25 16:09:40 +0000

    x11-base/xwayland: Drop old versions

    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest | 2 -
 x11-base/xwayland/files/xwayland-23.2.4-c99.patch | 72 --------------
 x11-base/xwayland/xwayland-23.2.4-r1.ebuild | 113 ----------------------
 x11-base/xwayland/xwayland-23.2.4.ebuild | 112 ---------------------
 x11-base/xwayland/xwayland-23.2.5.ebuild | 113 ----------------------
 5 files changed, 412 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9d38db782e6834a127a554309f114f6784c9e3bf

commit 9d38db782e6834a127a554309f114f6784c9e3bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-17 09:49:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-17 09:49:37 +0000

    [ GLSA 202411-08 ] X.Org X server, XWayland: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/928531
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-08.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)