Your message dated Wed, 27 Aug 2025 07:55:44 +0000 with message-id <E1urB0S-0089yH-0v@fasolo.debian.org> and subject line Bug#1108369: fixed in xwayland 2:24.1.8-1 has caused the Debian Bug report #1108369, regarding xwayland: CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1108369: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108369 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: xwayland: CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 27 Jun 2025 06:16:06 +0200
- Message-id: <175099776686.191527.11606663389698781122.reportbug@eldamar.lan>
Source: xwayland Version: 2:24.1.6-1 Severity: normal Tags: security upstream X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> Hi, The following vulnerabilities were published for xwayland. CVE-2025-49175[0]: | A flaw was found in the X Rendering extension's handling of animated | cursors. If a client provides no cursors, the server assumes at | least one is present, leading to an out-of-bounds read and potential | crash. CVE-2025-49176[1]: | A flaw was found in the Big Requests extension. The request length | is multiplied by 4 before checking against the maximum allowed size, | potentially causing an integer overflow and bypassing the size | check. CVE-2025-49177[2]: | A flaw was found in the XFIXES extension. The | XFixesSetClientDisconnectMode handler does not validate the request | length, allowing a client to read unintended memory from previous | requests. CVE-2025-49178[3]: | A flaw was found in the X server's request handling. Non-zero 'bytes | to ignore' in a client's request can cause the server to skip | processing another client's request, potentially leading to a denial | of service. CVE-2025-49179[4]: | A flaw was found in the X Record extension. The | RecordSanityCheckRegisterClients function does not check for an | integer overflow when computing request length, which allows a | client to bypass length checks. CVE-2025-49180[5]: | A flaw was found in the RandR extension, where the | RRChangeProviderProperty function does not properly validate input. | This issue leads to an integer overflow when computing the total | size to allocate. there is still the [6] change with the addition by Timo, which still would be great to make it into trixie, in particular then we can start not considering xwayland CVEs as well for tracking. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-49175 https://www.cve.org/CVERecord?id=CVE-2025-49175 [1] https://security-tracker.debian.org/tracker/CVE-2025-49176 https://www.cve.org/CVERecord?id=CVE-2025-49176 [2] https://security-tracker.debian.org/tracker/CVE-2025-49177 https://www.cve.org/CVERecord?id=CVE-2025-49177 [3] https://security-tracker.debian.org/tracker/CVE-2025-49178 https://www.cve.org/CVERecord?id=CVE-2025-49178 [4] https://security-tracker.debian.org/tracker/CVE-2025-49179 https://www.cve.org/CVERecord?id=CVE-2025-49179 [5] https://security-tracker.debian.org/tracker/CVE-2025-49180 https://www.cve.org/CVERecord?id=CVE-2025-49180 [6] https://salsa.debian.org/xorg-team/wayland/xwayland/-/commit/84145e011fb98fea74878e07335bd22e9bfed531 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 1108369-close@bugs.debian.org
- Subject: Bug#1108369: fixed in xwayland 2:24.1.8-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 27 Aug 2025 07:55:44 +0000
- Message-id: <E1urB0S-0089yH-0v@fasolo.debian.org>
- Reply-to: Timo Aaltonen <tjaalton@debian.org>
Source: xwayland Source-Version: 2:24.1.8-1 Done: Timo Aaltonen <tjaalton@debian.org> We believe that the bug you reported is fixed in the latest version of xwayland, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1108369@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaalton@debian.org> (supplier of updated xwayland package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Aug 2025 10:25:23 +0300 Source: xwayland Built-For-Profiles: noudeb Architecture: source Version: 2:24.1.8-1 Distribution: unstable Urgency: medium Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Timo Aaltonen <tjaalton@debian.org> Closes: 1108369 Changes: xwayland (2:24.1.8-1) unstable; urgency=medium . * Add README.Debian.security to clarify how the security issues are inherited from the shared codebase with xorg-server, and don't actually apply to xwayland. Thanks, Moritz Muehlenhoff! * New upstream release. (Closes: #1108369) - CVE-2025-49175 - CVE-2025-49176 - CVE-2025-49177 - CVE-2025-49178 - CVE-2025-49179 - CVE-2025-49180 Checksums-Sha1: b758b5940bd6adac4ec55c86179632b0bb858419 2528 xwayland_24.1.8-1.dsc 85612f880ae2bae293842aa27760fab1fa396c3e 1303408 xwayland_24.1.8.orig.tar.xz e9cedc0723ddf6e3a240d79bb3b9ec23e49c4ff4 195 xwayland_24.1.8.orig.tar.xz.asc c6a779eb7b56aa827909b6942cd412b6a42f7f83 35336 xwayland_24.1.8-1.debian.tar.xz 88794416e8644b1935d8cd7caf4dfcaec7d92620 10755 xwayland_24.1.8-1_source.buildinfo Checksums-Sha256: 54500ed463482bb9377d6f2ab54aa3fe8745fc25174838384dc8dc32d570001b 2528 xwayland_24.1.8-1.dsc c8908d57c8ed9ceb8293c16ba7ad5af522efaf1ba7e51f9e4cf3c0774d199907 1303408 xwayland_24.1.8.orig.tar.xz 67235e756369943ac9205a5d5ba63a4768d7977eda9632ce8bd6595991b2c70d 195 xwayland_24.1.8.orig.tar.xz.asc 3b2f5a7b6cf20e502d3f6edcb64e298659378fbf751417d07f0d26147e48f193 35336 xwayland_24.1.8-1.debian.tar.xz 6d805a815efff3b03a09b542fec7f8d8e7664747b97b7887f6d5fa678f7b52d1 10755 xwayland_24.1.8-1_source.buildinfo Files: d66281bb8ebb607ad2dd8d71e374ba81 2528 x11 optional xwayland_24.1.8-1.dsc 1644a66e2843a400885e90051094b582 1303408 x11 optional xwayland_24.1.8.orig.tar.xz e6659cd76d1c4a1617cf41d0761d196e 195 x11 optional xwayland_24.1.8.orig.tar.xz.asc f95be4e0b6dd646fef01c795533761d2 35336 x11 optional xwayland_24.1.8-1.debian.tar.xz 07812465fa712d3986aecb0453d87bfc 10755 x11 optional xwayland_24.1.8-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmiusvYACgkQy3AxZaiJ hNyTrw//bDfsgS73B1hyHg5p6RfO0UBF6OC1/NT7KXjPFYUw5/B4lWZgJUhQtzlX JxuE4K+U9sDLgmRxAx05MB9LbVokuQyONjugN0nbmrXv5QIsKpisc6onn9SQIc3q VKN/mr1A4r98l4ZxKPwuJYW3A/1TCvk8lCCLzx2Qh9QL5d/6tzrxVqkrH+W4WNsF rJurnHHh2e/EdjrSuC/6nDpOwYon+8epsWCZE2LJ0sKLG9yPpWz11yQqs5vKQkQ8 M9C+2IrTQuQ4LsRbJWHWY/zEVGFe5OJmMtE/dRVUNvBfdpfmKiqNnCnl79HcIbQn aE2cjTiRzYa3KxDZqHRwKgw5k5ceNFwehNMrGfN+KNBGg0dg8nC6Pl9iIf4KndgS 5obH0lsuz3ZDUBAGOCX6v95SummYNQN19YUjYZ4hSuDYYcVbaTYazcpyxNPQgujG Y+4lKN8G3HYkTYE0y/sTDn32cs00eyQSg2S+wwiBoYvEXbBi+b2CuBZ2SOYltS0+ dFTadRQi+9o6NDBBEQgOavorTa4kQjnthvPvu0P37VIpjGJR4cbXjlheJPmSjzr/ ZAujZn7qMDyIVfOFuJjFlWa7fm1Ta4k1QYkxE21HfttuN6EmXMUen/jSfjsgeUC7 mbjgzMWNoqrFXLbncwuYMf3DSCLFJC3HM4IPAHJd36Tp3dHEP5Q= =3dYm -----END PGP SIGNATURE-----Attachment: pgpeGvWmtxmz8.pgp
Description: PGP signature
--- End Message ---