Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow

Resolves: RHEL-15237 Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15249
2023-11-01 15:14:21 +01:00 · 2023-11-01 15:14:21 +01:00 · 71f9cb9382
commit 71f9cb9382
parent ebd2a0d7a1
1 changed files with 9 additions and 2 deletions
--- a/tigervnc.spec
+++ b/tigervnc.spec
@ -5,7 +5,7 @@

 Name:           tigervnc
 Version:        1.13.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A TigerVNC remote display system

 %global _hardened_build 1
@ -367,9 +367,16 @@ fi

 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
-%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}

 %changelog
+* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
+- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
+  Resolves: RHEL-15237
+
+- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
+  Resolves: RHEL-15249
+
 * Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
 - Support username alias in PlainUsers
  Resolves: RHEL-8430