Re: [SECURITY] [DLA 4353-1] xorg-server security update

[Thorsten Alteholz <debian@alteholz.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sorry, there was a wrong version of the package in this DLA. The fixed 
version in Bullseye should have been:

   2:1.20.11-1+deb11u17

(The mentioned version was that of the fixed package in Buster.)

  Thorsten



On Wed, 29 Oct 2025, Thorsten Alteholz wrote:

> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-4353-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                    Thorsten Alteholz
> October 29, 2025                              https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package        : xorg-server
> Version        : 2:1.20.4-1+deb10u18
> CVE ID         : CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
>
>
> Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
> which may result in privilege escalation if the X server is running
> privileged.
>
>
> For Debian 11 bullseye, these problems have been fixed in version
> 2:1.20.4-1+deb10u18.
>
> We recommend that you upgrade your xorg-server packages.
>
> For the detailed security status of xorg-server please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/xorg-server
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
>
> gpg: Signatur vom Mi 29 Okt 2025 13:31:58 UTC
> gpg:                mittels RSA-Schlüssel 
> 6201FBFFDBBDE07822EABB9696FCAC0D387B5847
> gpg: Korrekte Signatur von "Thorsten Alteholz <debian@alteholz.de>" 
> [ultimativ]
> gpg:                     alias "Thorsten Alteholz 
> <debian-3dprinting@alteholz.de>" [ultimativ]
> gpg:                     alias "Thorsten Alteholz <alteholz@debian.org>" 
> [ultimativ]
> gpg:                     alias "Thorsten Alteholz <debian-med@alteholz.de>" 
> [ultimativ]
> gpg:                     alias "Thorsten Alteholz <debian-mips@alteholz.de>" 
> [ultimativ]
> gpg:                     alias "Thorsten Alteholz <debian-devel@alteholz.de>" 
> [ultimativ]
> gpg:                     alias "Thorsten Alteholz 
> <debian-wb-team@alteholz.de>" [ultimativ]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmkCUS5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfAHhAAs+cSyToCG5q1jDOVAeF+Nbm9CybeLm2IEaB5WY03OjntjX4ffdvr817h
BeW/JX6FNwEXVnv1YYt4BkVKMzO49D7EYMu0tU/z5IC6j1nGWZYDDthxl3GL0B0h
VRxYM79QPH8Tu5GsqqFIu0H8mSxWlbvupzxcVCDYFPv2O1WMWIaWuKWayk7zriat
aJRoRN3QMq70xHBqmqkezWdVWQ4oa+U6MoYuhP+uV1KJgFjVlseb8eIkNM6neDuI
rMPzicHbSXhcCdVHZdSnC5MEIzkAo59eNE6zXa5sviJRCT9+RZ+mChwKeL0KnAIu
7CM5P5jDtrAL1c1ZCsQ0lopwBQEnBfpdlaIcZy2h3eDVzXQtmIQhryQnknRoHEBB
L5d/bSiFWffW2SZiHFq/8Yw4X8MqUJnt2hWfx5SpSX8J7PWaySqNOkoTlsNR7+E+
qa8+sc1cBi0hg+ZZn1uop8Q3XqDNY+c9dolHLb1utoMxKRf7YmMXSCT5rIVMGktH
aXVKCyogRgumZlwAwnMYf5iniAYU9G5nUCI6tAro4GDZ/AHI+fh9zPuzTLLXo43O
s1Ijl7++h23QBHd5Y1EkyYH/CRbdY1TnUTzsQVd6da/vsNxoeL6sapJ4WM112Vm2
OLqlS+/Pn96Ak47SmN6D5M9rv7oXMHFymQhj38DpKNMdTmcQ2Bg=
=syKa
-----END PGP SIGNATURE-----