[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1107941: unblock: xorg-server/2:21.1.16-1.2

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: xorg-server@packages.debian.org, Debian X Strike Force <debian-x@lists.debian.org>, Emilio Pozuelo Monfort <pochu@debian.org>, Timo Aaltonen <tjaalton@ubuntu.com>, Julien Cristau <jcristau@debian.org>, carnil@debian.org, debian-boot@lists.debian.org, kibi@debian.org
Control: affects -1 + src:xorg-server
User: release.debian.org@packages.debian.org
Usertags: unblock

Control: tags -1 + d-i

Hi,

Please unblock package xorg-server

[ Reason ]
xorg-server is prone to several CVEs as published today in
https://lists.freedesktop.org/archives/xorg-announce/2025-June/003608.html,
more precisely CVE-2025-49175, CVE-2025-49176, CVE-2025-49177,
CVE-2025-49178, CVE-2025-49179 and CVE-2025-49180.

[ Impact ]
Version in trixie remains (for now vulnerable o those CVEs). A DSA for
bookworm is planned after bit of exposure in unstable.

[ Tests ]
None concretely for the CVEs, basic functional tests.

[ Risks ]
Patches come from upstream, in past we had some fallouts. OTOH we got
validated patches from upstream which got applied.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock xorg-server/2:21.1.16-1.2

Regards,
Salvatore
Reply to: