Add April 2024 X server advisory

1 files changed, 10 insertions, 0 deletions

diff --git a/Development/Security.mdwn b/Development/Security.mdwn
index c441a5c9..fd930b35 100644
--- a/Development/Security.mdwn
+++ b/Development/Security.mdwn
@@ -10,6 +10,16 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th
 
 ## X.Org 7.7
 
+* April 3, 2024 Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
+ * CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
+ * CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
+ * CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap
+ * CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
+ * Fixed in [[xwayland 23.2.5|https://lists.x.org/archives/xorg-announce/2024-April/003498.html]]
+ * Fixed in [[xorg-server 21.1.12|https://lists.x.org/archives/xorg-announce/2024-April/003499.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003497.html]] for more information
+ * Note that the fix for CVE-2024-31083 introduced a regression, which was fixed in [[xwayland 23.2.6|https://lists.x.org/archives/xorg-announce/2024-April/003503.html]] and [[xorg-server 21.1.13|https://lists.x.org/archives/xorg-announce/2024-April/003504.html]], see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003505.html]] for more information
+
 * January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4
  * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
  * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access