Bug#1108073: xorg-server: Followup to CVE-2025-49176

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1108073: xorg-server: Followup to CVE-2025-49176
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 20 Jun 2025 06:36:53 +0200
Message-id: <[🔎] 175039421387.2349600.2308087734344765432.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1108073@bugs.debian.org

Source: xorg-server
Version: 2:21.1.16-1.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

As per

https://www.openwall.com/lists/oss-security/2025/06/18/2
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1

there is another case where the BigRequest length can cause an
overflow, so an additional commit is required as followup to the fixes
for CVE-2025-49176.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: xorg-server: diff for NMU version 2:21.1.16-1.3
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1108073: xorg-server: diff for NMU version 2:21.1.16-1.3
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1108073: marked as done (xorg-server: Followup to CVE-2025-49176)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Trixie xorg crash (was: Trixie hangs during boot after upgrade)
Next by Date: Processed: xorg-server: diff for NMU version 2:21.1.16-1.3
Previous by thread: Re: Trixie xorg crash (was: Trixie hangs during boot after upgrade)
Next by thread: Processed: xorg-server: diff for NMU version 2:21.1.16-1.3
Index(es):
- Date
- Thread