CVE-2021-31535

NameCVE-2021-31535
DescriptionLookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2666-1, DSA-4920-1
Debian Bugs988737

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libx11 (PTS)bullseye (security), bullseye2:1.7.2-1+deb11u2fixed
bookworm, bookworm (security)2:1.8.4-2+deb12u2fixed
trixie2:1.8.12-1fixed
forky, sid2:1.8.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libx11sourcestretch2:1.6.4-3+deb9u4DLA-2666-1
libx11sourcebuster2:1.6.7-1+deb10u2DSA-4920-1
libx11source(unstable)2:1.7.1-1988737

Notes

https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
https://www.openwall.com/lists/oss-security/2021/05/18/2
https://www.openwall.com/lists/oss-security/2021/05/18/3
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
Search for package or bug name: Reporting problems