[Git][security-tracker-team/security-tracker][master] Track separate bug for xwayland issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 17:04:53 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40cb2a6b by Salvatore Bonaccorso at 2026-06-02T17:33:12+02:00
Track separate bug for xwayland issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -323,63 +323,63 @@ CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow vulnerabil
NOT-FOR-US: Arm whois
CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07
CVE-2026-XXXX [XSYNC Use-After-Free in miSyncDestroyFence()]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
CVE-2026-XXXX [XKB Key Types Stack-based Buffer Overflow]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/543e108516428fc8c3bea91d6563ad266f9a801e
CVE-2026-XXXX [XKB SetMap Request Stack-based Buffer Overflow]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b
CVE-2026-XXXX [XSYNC Use-After-Free in FreeCounter()]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
CVE-2026-XXXX [XSYNC Use-After-Free in SyncChangeCounter()]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812
CVE-2026-XXXX [GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145
CVE-2026-XXXX [CreateSaverWindow Use-After-Free Information Disclosure]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05
CVE-2026-XXXX [DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write]
- xorg-server 2:21.1.23-1 (bug #1138680)
- - xwayland 2:24.1.12-1
+ - xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40cb2a6b49192b25fe62278e3d18f1e9594da3e6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40cb2a6b49192b25fe62278e3d18f1e9594da3e6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/8c2c8bcc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list