CVE-2022-3555 (https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8a368d808fec166b5fb3dfe6312aab22c7ee20af): A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055. Patch seems unreleased.
There is a follow-up patch: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=76d1cc3c1ce943c6ff81dc8c62a1d1b30fabf02e. Both libX11-1.7.5 and libX11-1.8.1 seem to already include these fixes.
CVE-2022-3554 (https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1d11822601fd24a396b354fa616b04ed3df8b4ef): A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability. The first CVE is indeed fixed in 1.7.5 and 1.8.1, but *this* is the one that appears unreleased.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ad043d75ef1974c869c6e376d93dc9e7f4518860

commit ad043d75ef1974c869c6e376d93dc9e7f4518860
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-06 06:46:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-06 06:46:34 +0000

    [ GLSA 202407-21 ] X.Org X11 library: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/877461
    Bug: https://bugs.gentoo.org/908549
    Bug: https://bugs.gentoo.org/915129
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-21.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)