Summary: | <x11-base/xorg-server-21.1.9 <x11-base/xwayland-23.2.2: Multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | ajak |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://lists.x.org/archives/xorg-announce/2023-October/003430.html | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=916388 | | |
Whiteboard: | A3 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 916437, 916442 | | |
Bug Blocks: | | | |

Description
Sam James
2023-10-25 02:18:27 UTC
Per Peter at https://fosstodon.org/@whot/111293224860265744

"Three CVEs but statistically only the first one (5367) will matter to you. And even that one really only if you're running X as root. The second one affects Zaphod setups only and the third one only Xvfb with a Zaphod setup so they're well into niche territory, past the Unlikely canyon, and currently climbing the Improbably mountain."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b4db39b0d72f93d5c46898cb262d8c5349542cc

commit 9b4db39b0d72f93d5c46898cb262d8c5349542cc
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-10-25 15:29:54 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-10-25 15:41:30 +0000

    x11-base/xorg-server: Version bump to 21.1.9

    Bug: https://bugs.gentoo.org/916254
    Closes: https://bugs.gentoo.org/884221
    Closes: https://bugs.gentoo.org/909092
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest | 1 +
 ...1.9-xephyr-Don-t-check-for-SeatId-anymore.patch | 66 +++++++
 x11-base/xorg-server/xorg-server-21.1.9.ebuild | 194 +++++++++++++++++++++
 3 files changed, 261 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ac627f3c6badbf889971107157737bced0907ac

commit 5ac627f3c6badbf889971107157737bced0907ac
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-10-25 15:27:21 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-10-25 15:41:30 +0000

    x11-base/xwayland: Version bump to 23.2.2

    Bug: https://bugs.gentoo.org/916254
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest | 1 +
 x11-base/xwayland/xwayland-23.2.2.ebuild | 110 +++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)

I've added a separate bug for CVE-2023-5574 since that isn't fixed yet, so we can proceed with the two fixed issues in this bug.

commit 637e44f058d0f6d13a6339fe09ecaa5fddef4ba2
Author: Matt Turner <mattst88@gentoo.org>
Date: Sat Nov 25 12:14:05 2023 -0500

    x11-base/xorg-server: Drop old versions

commit 11717276feab2c0d5fe2f1ef027a574c5b325e07
Author: Matt Turner <mattst88@gentoo.org>
Date: Sat Nov 25 12:14:09 2023 -0500

    x11-base/xwayland: Drop old versions

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7b7fdd5a86cd28fc118fb133c98e81e2b15e0b92

commit 7b7fdd5a86cd28fc118fb133c98e81e2b15e0b92
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 11:33:19 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 11:35:22 +0000

    [ GLSA 202401-30 ] X.Org X Server, XWayland: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/916254
    Bug: https://bugs.gentoo.org/919803
    Bug: https://bugs.gentoo.org/922395
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-30.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)