Opened 2 years ago
Closed 2 years ago
#17403 closed enhancement (fixed)
xorg-server-21.1.5
Reported by: | Douglas R. Reno | Owned by: | pierre |
---|---|---|---|
Priority: | high | Milestone: | 11.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version
Change History (6)
follow-up: 3 comment:1 by , 2 years ago
comment:2 by , 2 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 2 years ago
Replying to Douglas R. Reno:
There have been six vulnerabilities discovered and fixed in the Xorg Server (and XWayland by extension).
On local systems, they can allow for privilege escalation. On remote systems (primarily ones which use X11 Forwarding), they will lead to remote code execution. Note that in one case, information disclosure is also possible.
Details for those interested: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
comment:4 by , 2 years ago
Jeremy Huddleston Sequoia (3):
- xquartz: Remove unused macro (X11LIBDIR)
- xquartz: Move default applications list outside of the main executable
- meson: Don't build COMPOSITE for XQuartz
Peter Hutterer (8):
- Xtest: disallow GenericEvents in XTestSwapFakeInput
- Xi: disallow passive grabs with a detail > 255
- Xext: free the XvRTVideoNotify when turning off from the same client
- Xext: free the screen saver resource when replacing it
- Xi: return an error from XI property changes if verification failed
- Xi: avoid integer truncation in length check of ProcXIChangeProperty
- xkb: reset the radio_groups pointer to NULL after freeing it
- xserver 21.1.5