From 63a7e05edc0394b8594fb45169d1ec77071665c4 Mon Sep 17 00:00:00 2001 From: AlanCoopersmith Date: Fri, 12 Apr 2024 19:47:18 +0200 Subject: Add April 2024 X server advisory --- Development/Security.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Development/Security.mdwn b/Development/Security.mdwn index c441a5c9..fd930b35 100644 --- a/Development/Security.mdwn +++ b/Development/Security.mdwn @@ -10,6 +10,16 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th ## X.Org 7.7 +* April 3, 2024 Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 + * CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents + * CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice + * CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap + * CVE-2024-31083: User-after-free in ProcRenderAddGlyphs + * Fixed in [[xwayland 23.2.5|https://lists.x.org/archives/xorg-announce/2024-April/003498.html]] + * Fixed in [[xorg-server 21.1.12|https://lists.x.org/archives/xorg-announce/2024-April/003499.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003497.html]] for more information + * Note that the fix for CVE-2024-31083 introduced a regression, which was fixed in [[xwayland 23.2.6|https://lists.x.org/archives/xorg-announce/2024-April/003503.html]] and [[xorg-server 21.1.13|https://lists.x.org/archives/xorg-announce/2024-April/003504.html]], see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003505.html]] for more information + * January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access -- cgit v1.2.3
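Review bot: the CVE-2024-31083 bullet in this hunk reads "User-after-free in ProcRenderAddGlyphs"; the vulnerability class is "Use-after-free", so the line should be `+    * CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs` before merging, since this page is the canonical advisory index and the typo would otherwise be copied into downstream trackers. Otherwise the entry follows the existing format of the January 16, 2024 block (date line, one bullet per CVE, links to the release announcements and the advisory), and the added note about the CVE-2024-31083 regression fix in xwayland 23.2.6 and xorg-server 21.1.13 is useful for readers deciding which version to pin to; consider splitting that long regression bullet into "Fixed in" sub-bullets matching the style of the two "Fixed in" lines above it, for readability.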