[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed security update for xorg-server/bullseye-security

Hi Emilio

On Fri, Aug 05, 2022 at 10:13:45AM +0200, Emilio Pozuelo Monfort wrote:
> Hi,
> 
> I have prepared an update for xorg-server, addressing CVE-2022-2319 and
> CVE-2022-2320. I have tested it on my development machine without any issues
> so far, and I'm not aware of any upstream regressions.

Thanks, someone will come back for that to you. It warrants a DSA so
thanks for having done the work.

> fwiw looks like these also affect src:xwayland (which is not in any Debian
> release), I'll double check and add it to the security-tracker if so, so
> that it can be tracked.

Yes, we actually added it in fd093cf74dde2df99d46ebe46e6ba945e331a82c
then after short discussion with Moritz on IRC reverted it as
8b6b2a24ca3005359094d1142a7f5602b5136830 as it was unclear if in
wayland context it has a security impact. If you can assess that then
please happily add it back.

Regards,
Salvatore
Reply to: