Bug#1107941: unblock: xorg-server/2:21.1.16-1.2
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: xorg-server@packages.debian.org, Debian X Strike Force <debian-x@lists.debian.org>, Emilio Pozuelo Monfort <pochu@debian.org>, Timo Aaltonen <tjaalton@ubuntu.com>, Julien Cristau <jcristau@debian.org>, carnil@debian.org, debian-boot@lists.debian.org, kibi@debian.org
Control: affects -1 + src:xorg-server
User: release.debian.org@packages.debian.org
Usertags: unblock
Control: tags -1 + d-i
Hi,
Please unblock package xorg-server
[ Reason ]
xorg-server is prone to several CVEs as published today in
https://lists.freedesktop.org/archives/xorg-announce/2025-June/003608.html,
more precisely CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179 and CVE-2025-49180.
[ Impact ]
Version in trixie remains (for now vulnerable o those CVEs). A DSA for
bookworm is planned after bit of exposure in unstable.
[ Tests ]
None concretely for the CVEs, basic functional tests.
[ Risks ]
Patches come from upstream, in past we had some fallouts. OTOH we got
validated patches from upstream which got applied.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock xorg-server/2:21.1.16-1.2
Regards,
Salvatore
Reply to: