[Git][security-tracker-team/security-tracker][master] Add new xorg-server issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 05:12:06 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6272393f by Salvatore Bonaccorso at 2026-06-02T06:06:28+02:00
Add new xorg-server issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07
+CVE-2026-XXXX [XSYNC Use-After-Free in miSyncDestroyFence()]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
+CVE-2026-XXXX [XKB Key Types Stack-based Buffer Overflow]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/543e108516428fc8c3bea91d6563ad266f9a801e
+CVE-2026-XXXX [XKB SetMap Request Stack-based Buffer Overflow]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b
+CVE-2026-XXXX [XSYNC Use-After-Free in FreeCounter()]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
+CVE-2026-XXXX [XSYNC Use-After-Free in SyncChangeCounter()]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812
+CVE-2026-XXXX [GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145
+CVE-2026-XXXX [CreateSaverWindow Use-After-Free Information Disclosure]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05
+CVE-2026-XXXX [DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write]
+ - xorg-server <unfixed>
+ - xwayland <unfixed>
+ [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/339c279514326134b0878fc23ce6e9520440ce7f
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b7aa65cc3bb11b792ce2a3f511ba9b863acb11c8
CVE-2026-9614 (An Improper Access Control vulnerability in IvantiNeurons forITSM(clou ...)
NOT-FOR-US: Ivanti
CVE-2026-9330 (IBM WebSphere Application Server 9.0, and 8.5 is affected by an improp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6272393f86cd5ec0b1784c77289b10b1dbe477a8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6272393f86cd5ec0b1784c77289b10b1dbe477a8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/475465db/attachment.htm>
More information about the debian-security-tracker-commits
mailing list