Double free in libX11 locale handling code
==========================================
CVE-2020-14363
There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free.
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.
This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.
X.Org security advisory: July 31, 2020
Heap corruption in the X input method client in libX11
======================================================
CVE-2020-14344
The X Input Method (XIM) client implementation in libX11 has some
integer overflows and signed/unsigned comparison issues that can lead
to heap corruption when handling malformed messages from an input
method.
upstream switched from autotools to meson, thus all libtool file
are gone. Rebuild all ports dependent on libdrm to fix wrong entries
in their *.la files, probably most of xorg-xf86-video-*.
Use the following script to find problematic ports:
for f in $(grep -lrs libdrm.la /usr/lib); do pkginfo -o $f | \
awk '!/^Package/ {print $1}'; done | sort -u