CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

References

Affected packages

Debian:11 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:1.20.11-1+deb11u8

Affected versions

2:1.*

2:1.20.11-1

2:1.20.11-1+deb11u1

2:1.20.11-1+deb11u2

2:1.20.11-1+deb11u3

2:1.20.11-1+deb11u4

2:1.20.11-1+deb11u5

2:1.20.11-1+deb11u6

2:1.20.11-1+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.7-3+deb12u2

Affected versions

2:21.*

2:21.1.7-3

2:21.1.7-3+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.9-1

Affected versions

2:21.*

2:21.1.7-3

2:21.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}