[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632
|
From: |
John Kehayias |
|
Subject: |
bug#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632. |
|
Date: |
Thu, 28 Nov 2024 05:31:03 +0000 |
Hi Kaelyn,
(Andreas: your message did not go to the original author; CC'ing you and
Steve who you CC'ed in your message. If using debbugs through Emacs, for
instance, make sure you do a "wide-reply" or else the author isn't
included. I really wish a bug number email was an alias for a list.)
On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote:
> This patch series updates xorg-server and xorg-server-xwayland to their latest
> versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
> https://nvd.nist.gov/vuln/detail/CVE-2024-9632.
>
> The updated Xwayland depends on a newer version of presentproto than is
> available in the current xorgproto package, so I added xorgproto-next to
> satisfy Xwayland's dependency while avoiding triggering 10761 additional
> package rebuilds.
>
Thanks for the patches, sorry I missed this earlier.
> Kaelyn Takata (3):
> gnu: xorg-server: Update to 21.1.14. [security fixes]
I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with
a minor change to move a period.)
> gnu: Add xorgproto-next.
> gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
>
These two look like they were done similarly by Danny in
e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop
here.
> gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
> 1 file changed, 28 insertions(+), 7 deletions(-)
>
>
> base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
> --
> 2.46.0
Thanks!
John