CVE-2021-31535

Name: CVE-2021-31535
Description: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2666-1, DSA-4920-1, ELA-433-1
Debian Bugs: 988737

Vulnerable and fixed packages

The table below lists information on source packages.

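| Source Package | Release | Version | Status |
|---|---|---|---|
| libx11 (PTS) | jessie, jessie (lts) | 2:1.6.2-3+deb8u5 | fixed |
| libx11 | stretch | 2:1.6.4-3+deb9u1 | vulnerable |
| libx11 | stretch (security) | 2:1.6.4-3+deb9u4 | fixed |
| libx11 | buster, buster (security) | 2:1.6.7-1+deb10u2 | fixed |
| libx11 | bullseye | 2:1.7.1-1 | fixed |
| libx11 | sid | 2:1.7.2-1 | fixed |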

The information below is based on the following data on fixed versions.

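| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libx11 | source | jessie | 2:1.6.2-3+deb8u5 | | ELA-433-1 | |
| libx11 | source | stretch | 2:1.6.4-3+deb9u4 | | DLA-2666-1 | |
| libx11 | source | buster | 2:1.6.7-1+deb10u2 | | DSA-4920-1 | |
| libx11 | source | (unstable) | 2:1.7.1-1 | | | 988737 |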

Notes

https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
https://www.openwall.com/lists/oss-security/2021/05/18/2
https://www.openwall.com/lists/oss-security/2021/05/18/3
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
