CVE-2020-14344

Name: CVE-2020-14344
Description: Heap corruption in the X input method client in libX11
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2312-1

Vulnerable and fixed packages

The table below lists information on source packages.

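| Source Package | Release | Version | Status |
|---|---|---|---|
| libx11 (PTS) | stretch | 2:1.6.4-3+deb9u1 | vulnerable |
| libx11 | stretch (security) | 2:1.6.4-3+deb9u2 | fixed |
| libx11 | buster | 2:1.6.7-1 | vulnerable |
| libx11 | bullseye | 2:1.6.9-2 | vulnerable |
| libx11 | sid | 2:1.6.10-3 | fixed |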

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libx11 | source | stretch | 2:1.6.4-3+deb9u2 | | DLA-2312-1 | |
| libx11 | source | (unstable) | 2:1.6.10-1 | | | |

Notes

[buster] - libx11 <no-dsa> (Minor issue)
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
Original patchset introduces regression: https://bugs.debian.org/966691
Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
