1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
new file mode 100644
index 0000000000..ef2ee5d55e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
@@ -0,0 +1,38 @@
+From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 25 Jan 2023 11:41:40 +1000
+Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses
+CVE-2023-0494, ZDI-CAN-19596
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec]
+CVE: CVE-2023-0494
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 217baa9561..dcd4efb3bc 100644
+--- a/Xi/exevents.c
+++ b/Xi/exevents.c
+@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+                    sizeof(XkbAction));
+         }
+-        else
+        else {
+             free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+        }
+ 
+         memcpy(to->button->labels, from->button->labels,
+                from->button->numButtons * sizeof(Atom));
+-- 
+GitLab

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch new file mode 100644 index 0000000000..ef2ee5d55e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
@@ -0,0 +1,38 @@
	1	From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
	2	From: Peter Hutterer <peter.hutterer@who-t.net>
	3	Date: Wed, 25 Jan 2023 11:41:40 +1000
	4	Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses
	5
	6	CVE-2023-0494, ZDI-CAN-19596
	7
	8	This vulnerability was discovered by:
	9	Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
	10
	11	Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
	12
	13	Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec]
	14	CVE: CVE-2023-0494
	15	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	16	---
	17	Xi/exevents.c \| 4 +++-
	18	1 file changed, 3 insertions(+), 1 deletion(-)
	19
	20	diff --git a/Xi/exevents.c b/Xi/exevents.c
	21	index 217baa9561..dcd4efb3bc 100644
	22	--- a/Xi/exevents.c
	23	+++ b/Xi/exevents.c
	24	@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
	25	memcpy(to->button->xkb_acts, from->button->xkb_acts,
	26	sizeof(XkbAction));
	27	}
	28	- else
	29	+ else {
	30	free(to->button->xkb_acts);
	31	+ to->button->xkb_acts = NULL;
	32	+ }
	33
	34	memcpy(to->button->labels, from->button->labels,
	35	from->button->numButtons * sizeof(Atom));
	36	--
	37	GitLab
	38