Opened 2 years ago
Closed 2 years ago
#17607 closed enhancement (fixed)
xwayland-22.1.8
Reported by: | Douglas R. Reno | Owned by: | pierre |
---|---|---|---|
Priority: | elevated | Milestone: | 11.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version
Fixes the same CVE as #17605.
Release Announcement Contents
This release contains the fix for CVE-2023-0494 in today's security advisory:
https://lists.x.org/archives/xorg-announce/2023-February/003320.html

It also fixes a second possible OOB access during EnqueueEvent.

Mike Gorse (1):
  dix: Use CopyPartialInternalEvent in EnqueueEvent

Olivier Fourdan (1):
  Bump version to 22.1.8

Peter Hutterer (1):
  Xi: fix potential use-after-free in DeepCopyPointerClasses

Povilas Kanapickas (1):
  dix: Correctly save replayed event into GrabInfoRec

git tag: xwayland-22.1.8
Security Advisory
X.Org Security Advisory: February 07, 2023

Security issue in the X server
==============================

This issue can lead to local privileges elevation on systems where the X
server is running privileged and remote code execution for ssh X forwarding
sessions.

* CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses use-after-free

A dangling pointer in DeepCopyPointerClasses can be exploited by
ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into
freed memory.

Patches
-------

A patch for this issue has been committed to the xorg server git repository.
xorg-server 21.1.7 will be released shortly and will include this patch.

- commit 0ba6d8c37071131a49790243cdac55392ecf71ec

  Xi: fix potential use-after-free in DeepCopyPointerClasses

  CVE-2023-0494, ZDI-CAN 19596
Change History (3)
comment:1 by , 2 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 2 years ago
Updated at 40c9be776. SA to come.
comment:3 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
SA done at b2c3988 in www repository.