Opened 5 months ago

Closed 5 months ago

#17422 closed enhancement (fixed)

xorg-server-21.1.6 (Security update)

Reported by: Bruce Dubbs Owned by: pierre
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by pierre, 5 months ago

Owner: changed from blfs-book to pierre
Status: newassigned

comment:2 by pierre, 5 months ago

Priority: normalelevated
Summary: xorg-server-21.1.6xorg-server-21.1.6 (Security update)

This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340.

It also includes backports for a couple of fixes in XQuartz and fixes for XKB (noticeably for CVE-2022-3550 and CVE-2022-3551).

Jeremy Huddleston Sequoia (1):

  • xquartz: Fix some formatting

John D Pell (1):

  • XQuartz: stub: Call LSOpenApplication instead of fork()/exec()

Olivier Fourdan (1):

  • xserver 21.1.6

Peter Hutterer (3):

  • xkb: proof GetCountedString against request length attacks
  • xkb: fix some possible memleaks in XkbGetKbdByName
  • Xext: fix invalid event type mask in XTestSwapFakeInput

Two new CVE's

comment:3 by pierre, 5 months ago

Update committed 805d2411. SA pending.

comment:4 by pierre, 5 months ago

Resolution: fixed
Status: assignedclosed

SA at commit 61f3a09 in the www repository.

Note: See TracTickets for help on using tickets.