#17403 closed enhancement (fixed)

xorg-server-21.1.5

Reported by: Douglas R. Reno
Owned by: pierre
Priority: high
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (6)

comment:1 by Douglas R. Reno, 17 months ago

There have been six vulnerabilities discovered and fixed in the Xorg Server (and XWayland by extension).

On local systems, they can allow for privilege escalation. On remote systems (primarily ones which use X11 Forwarding), they will lead to remote code execution. Note that in one case, information disclosure is also possible.

comment:2 by pierre, 17 months ago

Owner: changed from blfs-book to pierre
Status: new → assigned

comment:3 by pierre, 17 months ago (in reply to: 1)

Replying to Douglas R. Reno:

> There have been six vulnerabilities discovered and fixed in the Xorg Server (and XWayland by extension).
>
> On local systems, they can allow for privilege escalation. On remote systems (primarily ones which use X11 Forwarding), they will lead to remote code execution. Note that in one case, information disclosure is also possible.

Details for those interested: https://lists.x.org/archives/xorg-announce/2022-December/003302.html

comment:4 by pierre, 17 months ago

Jeremy Huddleston Sequoia (3):

  • xquartz: Remove unused macro (X11LIBDIR)
  • xquartz: Move default applications list outside of the main executable
  • meson: Don't build COMPOSITE for XQuartz

Peter Hutterer (8):

  • Xtest: disallow GenericEvents in XTestSwapFakeInput
  • Xi: disallow passive grabs with a detail > 255
  • Xext: free the XvRTVideoNotify when turning off from the same client
  • Xext: free the screen saver resource when replacing it
  • Xi: return an error from XI property changes if verification failed
  • Xi: avoid integer truncation in length check of ProcXIChangeProperty
  • xkb: reset the radio_groups pointer to NULL after freeing it
  • xserver 21.1.5

comment:5 by pierre, 17 months ago

SA at commit e0392da in www.git.

comment:6 by pierre, 17 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commit 0e806de8b
