
Merge changes from apertis/v2022-security into apertis/v2022

Merged Andrej Shadura requested to merge apertis/v2022-security into apertis/v2022
xorg-server (2:1.20.11-1+deb11u11+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
* Remaining Apertis specific changes:
+ Add patch disable-libgl-in-xwayland.patch to disable glamor and
glxvnd in xwayland to avoid Xwayland depending on big GL.
-- Apertis CI <devel@lists.apertis.org> Wed, 24 Jan 2024 08:43:18 +0000
xorg-server (2:1.20.11-1+deb11u11) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
* Xi: require a pointer and keyboard device for XIAttachToMaster
* dix: allocate enough space for logical button maps (CVE-2023-6816)
* dix: Allocate sufficient xEvents for our DeviceStateNotify (CVE-2024-0229)
* dix: fix DeviceStateNotify event calculation (CVE-2024-0229)
* Xi: when creating a new ButtonClass, set the number of buttons
(CVE-2024-0229)
* Xi: flush hierarchy events after adding/removing master devices
(CVE-2024-21885)
* Xi: do not keep linked list pointer during recursion (CVE-2024-21886)
* dix: when disabling a master, float disabled slaved devices too
(CVE-2024-21886)
* ephyr,xwayland: Use the proper private key for cursor
* glx: Call XACE hooks on the GLX buffer
* dix: Fix use after free in input device shutdown
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 22 Jan 2024 07:21:42 +0100
xorg-server (2:1.20.11-1+deb11u10+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
* Remaining Apertis specific changes:
+ Add patch disable-libgl-in-xwayland.patch to disable glamor and
glxvnd in xwayland to avoid Xwayland depending on big GL.
-- Apertis CI <devel@lists.apertis.org> Mon, 18 Dec 2023 10:07:53 +0000
xorg-server (2:1.20.11-1+deb11u10) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
* Sync "Xi: allocate enough XkbActions for our buttons" (CVE-2023-6377)
The original upstream patch applied for CVE-2023-6377 was incomplete and
still allows OOM access.
This update syncs the patch with the upstream applied patch.
-- Salvatore Bonaccorso <carnil@debian.org> Fri, 15 Dec 2023 06:14:11 +0100
xorg-server (2:1.20.11-1+deb11u9+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
* Remaining Apertis specific changes:
+ Add patch disable-libgl-in-xwayland.patch to disable glamor and
glxvnd in xwayland to avoid Xwayland depending on big GL.
-- Apertis CI <devel@lists.apertis.org> Fri, 15 Dec 2023 09:45:31 +0000
xorg-server (2:1.20.11-1+deb11u9) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
* Xi: allocate enough XkbActions for our buttons (CVE-2023-6377)
* randr: avoid integer truncation in length check of ProcRRChange*Property
(CVE-2023-6478)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 09 Dec 2023 12:19:55 +0100
xorg-server (2:1.20.11-1+deb11u8+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
* Remaining Apertis specific changes:
+ Add patch disable-libgl-in-xwayland.patch to disable glamor and
glxvnd in xwayland to avoid Xwayland depending on big GL.
-- Apertis CI <devel@lists.apertis.org> Thu, 02 Nov 2023 09:12:36 +0000
xorg-server (2:1.20.11-1+deb11u8) bullseye-security; urgency=high
* 0003-mi-fix-CloseScreen-initialization-order.patch,
0004-fb-properly-wrap-unwrap-CloseScreen.patch: drop, causes other
bugs that are worse than CVE-2023-5574.
-- Julien Cristau <jcristau@debian.org> Wed, 25 Oct 2023 09:47:13 +0200
xorg-server (2:1.20.11-1+deb11u7) bullseye-security; urgency=high
* Xi/randr: fix handling of PropModeAppend/Prepend (CVE-2023-5367)
* mi: reset the PointerWindows reference on screen switch (CVE-2023-5380)
* mi: fix CloseScreen initialization order
* fb: properly wrap/unwrap CloseScreen (CVE-2023-5574)
-- Julien Cristau <jcristau@debian.org> Mon, 23 Oct 2023 19:26:14 +0200
xorg-server (2:1.20.11-1+deb11u6+apertis1) apertis; urgency=medium
* Sync updates from Debian Bullseye Security.
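
Review bot: CVE-2023-5574 appears to be left unfixed by this sync. The 2:1.20.11-1+deb11u8 entry drops 0003-mi-fix-CloseScreen-initialization-order.patch and 0004-fb-properly-wrap-unwrap-CloseScreen.patch as causing worse bugs, and none of the later entries shown here (deb11u9, deb11u10, deb11u11) mentions that CVE again. Please confirm this is the intended state for apertis/v2022 and record it wherever open CVEs for xorg-server are tracked, so the removal is not read as the issue being resolved. The Apertis entries only restate disable-libgl-in-xwayland.patch, so nothing in the visible changelog indicates a downstream mitigation.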