• Bug#1108073: xorg-server: Followup to CVE-2025-49176

    From Salvatore Bonaccorso@21:1/5 to All on Fri Jun 20 06:40:01 2025
    Source: xorg-server
    Version: 2:21.1.16-1.2
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    As per

    https://www.openwall.com/lists/oss-security/2025/06/18/2
    https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1

    there is another case where the BigRequest length can cause an
    overflow, so an additional commit is required as followup to the fixes
    for CVE-2025-49176.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Fri Jun 20 10:10:02 2025
    Processing control commands:

    tags 1108073 + patch
    Bug #1108073 [src:xorg-server] xorg-server: Followup to CVE-2025-49176
    Added tag(s) patch.
    tags 1108073 + pending
    Bug #1108073 [src:xorg-server] xorg-server: Followup to CVE-2025-49176
    Added tag(s) pending.

    --
    1108073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108073
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Sun Jun 22 10:40:02 2025
    Your message dated Sun, 22 Jun 2025 08:34:14 +0000
    with message-id <E1uTG9W-00H0lp-6N@fasolo.debian.org>
    and subject line Bug#1108073: fixed in xorg-server 2:21.1.16-1.3
    has caused the Debian Bug report #1108073,
    regarding xorg-server: Followup to CVE-2025-49176
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1108073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108073
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
