author: José Expósito <jose.exposito89@gmail.com> 2024-01-18 10:25:45 +0100
committer: José Expósito <jose.exposito89@gmail.com> 2024-01-18 10:25:45 +0100
commit: bbe095c8a28f69e061f339fe68dbaf96fd11498a
tree: 58a886a56b8d11d4b9455241d03c84646df980d8
parent: 1a96ce4dd4c3a6baf54202ba80ebafd99e292df2
Add Jan 16 2024 X.Org X server and Xwayland advisory
-rw-r--r-- Development/Security.mdwn 11
1 files changed, 11 insertions, 0 deletions
diff --git a/Development/Security.mdwn b/Development/Security.mdwn
index 8488b854..c441a5c9 100644
--- a/Development/Security.mdwn
+++ b/Development/Security.mdwn
@@ -10,6 +10,17 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th
## X.Org 7.7
+* January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4
+ * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
+ * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access
+ * CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent
+ * CVE-2024-21886: Heap buffer overflow in DisableDevice
+ * CVE-2024-0409: SELinux context corruption
+ * CVE-2024-0408: SELinux unlabeled GLX PBuffer
+ * Fixed in [[xwayland 23.2.4|https://lists.x.org/archives/xorg-announce/2024-January/003443.html]]
+ * Fixed in [[xorg-server 21.1.11|https://lists.x.org/archives/xorg-announce/2024-January/003442.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-January/003444.html]] for more information
+
* October 2, 2023 Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17
* CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms()
* CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
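Review bot: The added CVE lines do not say which of the two products each issue applies to, although the entry covers both the X.Org X server and Xwayland. The October 2, 2023 entry just below uses the form "CVE-2023-43785 libX11: ..." with the component named before the description. Consider using the same form here, or stating once that every listed CVE affects both, so a reader can tell whether the xorg-server 21.1.11 update, the xwayland 23.2.4 update, or both are needed for a given CVE. Two ordering points in the same list: CVE-2024-0409 is placed before CVE-2024-0408, and the "Fixed in" lines name xwayland before xorg-server while the entry's first line names the X server first. Keeping both in a consistent order would make the entry easier to scan.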