From unknown Sat Jun 21 17:32:30 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#48039 <48039@debbugs.gnu.org>
To: bug#48039 <48039@debbugs.gnu.org>
Subject: Status: xorg-server might be vulnerable to CVE-2021-3472
Reply-To: bug#48039 <48039@debbugs.gnu.org>
Date: Sun, 22 Jun 2025 00:32:30 +0000

retitle 48039 xorg-server might be vulnerable to CVE-2021-3472
reassign 48039 guix-patches
submitter 48039 Nicol=C3=B2 Balzarotti <anothersms@gmail.com>
severity 48039 normal
tag 48039 patch security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 13:25:55 2021
Received: (at submit) by debbugs.gnu.org; 26 Apr 2021 17:25:56 +0000
Received: from localhost ([127.0.0.1]:47052 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb4zX-0000cj-15
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 13:25:55 -0400
Received: from lists.gnu.org ([209.51.188.17]:51614)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lb4zU-0000cZ-W0
 for submit@debbugs.gnu.org; Mon, 26 Apr 2021 13:25:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:56080)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <anothersms@gmail.com>)
 id 1lb4zQ-0000cn-81
 for bug-guix@gnu.org; Mon, 26 Apr 2021 13:25:44 -0400
Received: from mail-ej1-x634.google.com ([2a00:1450:4864:20::634]:46884)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <anothersms@gmail.com>)
 id 1lb4zM-0006hU-EY
 for bug-guix@gnu.org; Mon, 26 Apr 2021 13:25:44 -0400
Received: by mail-ej1-x634.google.com with SMTP id u21so85647109ejo.13
 for <bug-guix@gnu.org>; Mon, 26 Apr 2021 10:25:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:mime-version;
 bh=S56BbzcMk5KszSAEFoxFjg3QGCZFvkq3ecixCKCr1y8=;
 b=Z2BXaGItboK8TmTp0nzg6EC1xt2IaaDCozxY4Ep828tWSgzBpoWAsqRm9bbUWLTsDS
 zWlZBXdvG+UflvByWrTI1pFjjxEVEmAT4TM2aVAtJvhBo/REpGBkHC04ejZT0K/M4Xuc
 GvV23p5Dn4voMCG1Rlvcoq6CHsRtOqoH60XAQ5C6pSkvPmggHtVHmFfvy7/GcYt/W5IJ
 Ka4mSuzyOIOQRFYBl3AsAEE2ij5+u3MJzL7xGJVVfMPhsQoonoVQIXWobVlYsXkqL4+a
 Z3NZeca/nyXyKaTZ5wQQ8gLlG/qAcKjET+qAifa2gh3bvbmQp2nANsL6RgCcxPX9H3yl
 0Egw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
 bh=S56BbzcMk5KszSAEFoxFjg3QGCZFvkq3ecixCKCr1y8=;
 b=VpvgYtZbBVRYn0PHQeK9YgKDqjqvuoVsuzqaeRz5oFpKn+z7j7hS3Eo8rqS7M4l3Kh
 8GJYsnlRnaYJlOa8oMECpoXp0xCe+m3KceLuJ/3GNnyA0MkO+fqyRvIVtiT+ivyXf3Hr
 8GGtcv4NzCHtd2gi4bIq21SYur0jTCV6TH+xkmI/j+MgHklHmzy9qW7XDrUSUtvHHM3w
 FsRyJs69HpyY107/CGpjzP68ED/LhdUbKQ6X7eNgOH+i3vAqpKKt+NHgvFs5MHKYeOAv
 +N0RulVaxv7vaAm1JFwEwRMI9/BvlLY/BDurk4T0VW8LoeoFRunlG4F264cl6kTo/BOG
 Unvg==
X-Gm-Message-State: AOAM531xSssWtLKyglh/FJjIkatyP6QOBJZUtDlyytKIa/+3asKUWsKk
 kj4Lj9DMipuwPN+qv4U6V2Pda9XXD3A=
X-Google-Smtp-Source: ABdhPJx8e2En9OwEnn/OqFlJ5TN7mXyUOk9f42i+pDJKUDwZV7YLqRfGSvbEGcFK9IHqSj9HTHlEgw==
X-Received: by 2002:a17:906:e28c:: with SMTP id
 gg12mr2641785ejb.483.1619457938131; 
 Mon, 26 Apr 2021 10:25:38 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id e5sm11904984ejq.85.2021.04.26.10.25.37
 for <bug-guix@gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 26 Apr 2021 10:25:37 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2_Balzarotti?= <anothersms@gmail.com>
To: bug-guix@gnu.org
Subject: xorg-server might be vulnerable to CVE-2021-3472
Date: Mon, 26 Apr 2021 19:25:35 +0200
Message-ID: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Received-SPF: pass client-ip=2a00:1450:4864:20::634;
 envelope-from=anothersms@gmail.com; helo=mail-ej1-x634.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.3 (/)

--=-=-=
Content-Type: text/plain

Hi, just found this [fn:1]:

A flaw was found in xorg-x11-server in versions before 1.20.11. An
integer underflow can occur in xserver which can lead to a local
privilege escalation.

The commit fixing the bug should be the one at [fn:2], and latest tagged
version (1.20.11) should be fixed.

On a side note, the redhat issue tracker says that [fn:3]:

Xorg server does not run with root privileges in Red Hat Enterprise
Linux 8, therefore this flaw has been rated as having moderate impact
for Red Hat Enterprise linux 8.

Is it possible for guix too not to run the server as root?  I've no idea
myself

guix refresh -l xorg-server
Building the following 73 packages would ensure 121

I just rebuilt xorg-server itself with the attached patch, and building
other packages now but it might take some time on my server.  I'll let
you know how it goes.

[fn:1] https://nvd.nist.gov/vuln/detail/CVE-2021-3472
[fn:2]
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
[fn:3] https://bugzilla.redhat.com/show_bug.cgi?id=1944167


--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment;
 filename=0001-gnu-xorg-server-Update-to-1.20.11.patch
Content-Transfer-Encoding: quoted-printable

>From a1767951a7b4631c48916f1171f577839fff0df3 Mon Sep 17 00:00:00 2001
From: nixo <nicolo@nixo.xyz>
Date: Mon, 26 Apr 2021 19:22:04 +0200
Subject: [PATCH] gnu: xorg-server: Update to 1.20.11.

* gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.
---
 gnu/packages/xorg.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 97ff8ab92b..6b6fcbafa9 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -26,6 +26,7 @@
 ;;; Copyright =C2=A9 2020, 2021 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright =C2=A9 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright =C2=A9 2020 Jean-Baptiste Note <jean-baptiste.note@m4x.org>
+;;; Copyright =C2=A9 2021 Nicol=C3=B2 Balzarotti <nicolo@nixo.xyz>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -5302,7 +5303,7 @@ over Xlib, including:
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "1.20.10")
+    (version "1.20.11")
     (source
       (origin
         (method url-fetch)
@@ -5310,7 +5311,7 @@ over Xlib, including:
                             "xorg-server-" version ".tar.bz2"))
         (sha256
          (base32
-          "16bwrf0ag41l7jbrllbix8z6avc5yimga7ihvq4ch3a5hb020x4p"))
+          "0jacqgin8kcyy8fyv0lhgb4if8g9hp60rm3ih3s1mgps7xp7jk4i"))
         (patches
          (list
           ;; See:
--=20
2.31.1


--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 13:29:07 2021
Received: (at control) by debbugs.gnu.org; 26 Apr 2021 17:29:07 +0000
Received: from localhost ([127.0.0.1]:47064 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb52h-0000iK-Df
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 13:29:07 -0400
Received: from mail-ej1-f54.google.com ([209.85.218.54]:43856)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lb52f-0000hp-1O
 for control@debbugs.gnu.org; Mon, 26 Apr 2021 13:29:05 -0400
Received: by mail-ej1-f54.google.com with SMTP id l4so85603009ejc.10
 for <control@debbugs.gnu.org>; Mon, 26 Apr 2021 10:29:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:references:date:message-id:mime-version;
 bh=bTeU6H8Jx7qrGDshMEU4ZCpVrCZ3+CcDfqDZVQ2MiuA=;
 b=nftBM4BB7c3n2vL/ZezW+1XvEJszqurghGkFWNdHk1kV4iJagzNFB23ESAuDAP4WIc
 tvOEWNCJBlwEaLuHW1aDyCSYiZ+l2Wm14pMk+gOei1CIOu0aAbmr+Wv1kp3RChBHM/kT
 0VaUfh5My/Hk6aRKv5L3Vux8nT/fpDueWm5q+PjoOzKG/OUuDm9+oCpkwg15biOa7QLc
 gkcBQCKrEwcXVCNYU6poXlQ/ZAETPn2GSpO+s2rVtUsw5cJS2yLdZ5BwQxyX5QZffsc6
 wpAUMnmn6xYZ7si3aKK9VPftqQxL+CwPAwWnqrSTOxquadv95flX/sxOBvD7uvqb8EPY
 5ZZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:references:date:message-id:mime-version;
 bh=bTeU6H8Jx7qrGDshMEU4ZCpVrCZ3+CcDfqDZVQ2MiuA=;
 b=Dj08nbulBV6d0fwtk38UBXabEvukd818/rRxyc+mDQuE94mwwj6h0YrBTwwATaUu0X
 qGvXAvcI2Uc+A+tLBTzV3E6Cj8cQrZ2lXbo0cJ9v7+fvWe9V4FF/JF68rHdLlxgar6s5
 7a/IrUwJh/3HsHJoZtPmteR4uU3nNxOG6q1NLTe6DCa4j+FpsVhsoH+X4xPibQZX7fsc
 C3kBCCeXvPLN5pa1F9vjYB6ct7XmBBy1f1x2vCS6tv3ihvKvjDAN/aDLxGO5kqixPQ66
 8JZDqWvTJwUERY+9xDbEO4f+aWiYwLDgP4AhhXt3ifTS42Qha4zCPWd92YYZ72jr8MH4
 DrgA==
X-Gm-Message-State: AOAM530xI44dOTBssUo7ELxwnp/nhZGss6DVr6s131CQMBLQbK6+f6gU
 FKw290zL6OTOWyYNPE8WGKWH9r1gNOk=
X-Google-Smtp-Source: ABdhPJw7r3hOVpVz+434TIXaCmxxJ4xzr7cngGSAp9rn/p/RP2rHmvf2nSqeNU5VoXJiTVwoK+Yl7A==
X-Received: by 2002:a17:906:3646:: with SMTP id
 r6mr12872244ejb.43.1619458138946; 
 Mon, 26 Apr 2021 10:28:58 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id k13sm349573edn.83.2021.04.26.10.28.57
 for <control@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 26 Apr 2021 10:28:57 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2_Balzarotti?= <anothersms@gmail.com>
To: control@debbugs.gnu.org
References: <87mtu7mqzk.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
Date: Mon, 26 Apr 2021 19:28:56 +0200
Message-ID: <875z09rm3r.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  tags 48039 + security quit 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (anothersms[at]gmail.com)
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [209.85.218.54 listed in wl.mailspike.net]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.218.54 listed in list.dnswl.org]
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

tags 48039 + security
quit




From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 13:35:36 2021
Received: (at 48039) by debbugs.gnu.org; 26 Apr 2021 17:35:36 +0000
Received: from localhost ([127.0.0.1]:47075 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb58y-0000tj-AY
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 13:35:36 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55703)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lb58t-0000tS-UB
 for 48039@debbugs.gnu.org; Mon, 26 Apr 2021 13:35:35 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id CB38B5C018A;
 Mon, 26 Apr 2021 13:35:25 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute2.internal (MEProxy); Mon, 26 Apr 2021 13:35:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=nzSO2hREh+GPa/BM+WkC9mX3
 yiO+KO5WZA3z1uhowhQ=; b=p4XtODxwJOBYOCNOtI9pnsw73oekJLxE+ezZdZi2
 C3cOduWzJmFneXqUP/bacsZyAszYNB3aHWrAET6h4fXg0E/zUwf5u4893otnZNZE
 BKyM5HZ5mm1Nc9jvKX8BM6RQ0MsbwRkCmv67FUEXjD6blEBEnuz3zns9T7pMiIt2
 K+c=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=nzSO2h
 REh+GPa/BM+WkC9mX3yiO+KO5WZA3z1uhowhQ=; b=v3FLu7JL8yjfyZgCoKjTvf
 446dqDIUzMEe5ZE9A4S0zjk3PrcmvrxGol3hsX5ROqcS2zPq0EYd5lLDtG345XFC
 jcO8x2ou5cW/6oMMt5qNA7TWAsZp6WM/pdrANE9g60shC+OU7AJqmQwjekI8IJQ4
 C0nBK6cFqeZWgl9AOB1KHmCJQYahPbR3CzJS/VynliD3O4ejaBhtadfkK2f/AtdO
 9CMHsRGF1XbiKlM1XNxu1AwmdSMOorOJPhyAnYnkOn9p0+eEGRaB+a9pEdFvpBia
 X/0FjXLSzRGt1pb4mZ89ZmPfBagYz941fOpHaRDasZFTTZP6/xb3O9Qz97jnt2tg
 ==
X-ME-Sender: <xms:3fmGYM4tzua_ZVh7kOc3JDZNqQH-BJUOUPNOeyLOJbAoBimMLkFHVQ>
 <xme:3fmGYP7_-twtbmSUST3G8FA5IK9F3ORCLG7Jiyw2e3yAp2C5Rv2vK6aSE7VMrhq_l
 b4Txc0MWrYz8Kwysw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddukedguddujecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculddujedmnecujfgurhepff
 fhvffukfhfgggtuggjsehgtderredttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghr
 ihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpedthe
 eigefgfefgiedtteeihefhkeffudeiveevheehleetiefgiedvueffkeevjeenucffohhm
 rghinhepghhnuhdrohhrghenucfkphepuddttddruddurdduieelrdduudeknecuvehluh
 hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:3fmGYE20ekP7rpuHhNvJ2GSck3JcgYBfd9Bt2HvbLIyARA2rJbYmUw>
 <xmx:3fmGYDXoXJfU9dM1edaRrbFJaWPalplVCoxOBrPeGMBAehZ8x1zP6A>
 <xmx:3fmGYH5ptbN6AHQTKbCBTNHmDRSUGojhsexxJzsEwptJ7UuAiVeA3A>
 <xmx:3fmGYL-48XLNwG1vKwq5sIyt3G6mY2-lzlh5oZb_Wm2Wpg0ae13KxA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 909051080064;
 Mon, 26 Apr 2021 13:35:25 -0400 (EDT)
Date: Mon, 26 Apr 2021 13:35:24 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
Message-ID: <YIb53KSJPfQf5mn6@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="hJUS4paNEz9LfMRS"
Content-Disposition: inline
In-Reply-To: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicoḷ Balzarotti
    wrote: > From a1767951a7b4631c48916f1171f577839fff0df3 Mon Sep 17 00:00:00
    2001 > From: nixo <nicolo@nixo.xyz> > Date: Mon, 26 Apr 2021 19:2 [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: nixo.xyz (xyz)]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
                             low trust
                             [66.111.4.28 listed in list.dnswl.org]
  0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [66.111.4.28 listed in wl.mailspike.net]
  0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: 48039
Cc: 48039@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.3 (/)


--hJUS4paNEz9LfMRS
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicol=F2 Balzarotti wrote:
> From a1767951a7b4631c48916f1171f577839fff0df3 Mon Sep 17 00:00:00 2001
> From: nixo <nicolo@nixo.xyz>
> Date: Mon, 26 Apr 2021 19:22:04 +0200
> Subject: [PATCH] gnu: xorg-server: Update to 1.20.11.
>=20
> * gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.

Did you see <https://bugs.gnu.org/48001>?

We should push a fix for this bug along with
<https://bugs.gnu.org/48000>, since the GStreamer plugins depend on
xorg-server. Otherwise we'll have to rebuild all effected packages
twice.

--hJUS4paNEz9LfMRS
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmCG+dwACgkQJkb6MLrK
fwhBphAA6dA4WeYrPw/z2sW846GVgwnTb/gtk5ESCl/7G5W+9sCXZJX406DUUWTT
+6YxrgMKeaUTiUwj/SY1kfG07osXu/TEOMnr3w1nNPxn1mpbfrgV1ExbrH7UyEkM
4AYwECTEBxAZCxRIJvehjkCpGqk5ah+O4sllU6tp94RaT2B5HhCsZvHz6i3Vcwf/
3ynCaZNlqWOijZ0cKpDaahgrTUKt7GwctOxGC9tQUudMofHFcb/9ZYMRCxq5ZQRq
XXIEuFZNaPLbyVL+ijc0R3/IS99l0qX1wnrbuGHEMVjRyEZ27Va5MRbCiDHK0Rni
6uUHrcoaigilfuADrPC05+KGXvoq5XWir9KsaGy3+TEn0RI+FyFasmMfGGSHrM7A
IYgU8P7VaW9a9GCo6v1KmFTleAKOpwuv+3k1zg5SPViQoBDeKBCXhTn2WV0+bDvt
o/R9fYIAelqWl37rB2R0m00AGgvvxOSdAFz3oDWzoyd+1k1cy+Y9ewlRFbK8Uf5g
mJPByrYD9fimTSfZtffOWn4G+2LPvmd9SRxvtKDC3PD+6y9URE/VHs2Eb/tpQzHb
GeSejaBLFVe45h2lQkva5MMGmAROOFYgicEPgLAyHfFsY++P55zkOijI2v724irc
Z4CArw+SC3evesp39PDhX4rpr0L1b1Fz5lPM+LIFoIQwQElYsqo=
=RrgV
-----END PGP SIGNATURE-----

--hJUS4paNEz9LfMRS--




From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 14:28:08 2021
Received: (at 48039) by debbugs.gnu.org; 26 Apr 2021 18:28:08 +0000
Received: from localhost ([127.0.0.1]:47123 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb5xo-0004NM-4G
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 14:28:08 -0400
Received: from mail-ej1-f52.google.com ([209.85.218.52]:44669)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lb5xl-0004Mq-Ti
 for 48039@debbugs.gnu.org; Mon, 26 Apr 2021 14:28:06 -0400
Received: by mail-ej1-f52.google.com with SMTP id r20so36151831ejo.11
 for <48039@debbugs.gnu.org>; Mon, 26 Apr 2021 11:28:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-transfer-encoding;
 bh=w1wqN/5DP9FVzvt75MymvIy7UWnbuGUmCQJEqjOzyQM=;
 b=fkYI5oJrtkOd92ZSxBtkIwTEuQf3uQme/5bTsPgcBiS9Sd7Su+JMEu6HE5G+tblw+M
 BRf/qaTGzbkbSc5tKPbHyyHflWNPe+TUoaVShncaRYGekbBFkuOvxyxx7Olz3DbqMkef
 4XEph3JX/fO5PmdJfLI+KZLQeDfZcyUJ2L2F1VRAyqR7K3mtXyZbE/TJ+cK5ANCaKJYP
 it+aCFOT8c8rxQaASuAxuHq9jUHwj9KiX/EvxmfbIy1jiZt7As8Eceth8Ev4LtdVAIYr
 stxzX3co6+FQN+E1pb9oWkwCwY7BskYOSDtFxV6Zty0w6J0+aBnzoFk5Q+gh1oOBCXdQ
 7v8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version:content-transfer-encoding;
 bh=w1wqN/5DP9FVzvt75MymvIy7UWnbuGUmCQJEqjOzyQM=;
 b=rQMS7L7p+0A+Xulgh04wNttQUGx0zO86ywrshJoUFnjQ57IY6aMaUYjXBcji0Lsh8f
 dzlwg32YBDOsCvUd5k20Dl9Fj8RC5McV72mpGm3bTExnCAiDRWM0/IZsnXs7bwwsW1zf
 VhWfi7c2cfp9i+LP2LyZoL38PHSvQTVmK+jD4w5TWZX7Gw38EjMEmAATTb//i10hcxWm
 k85kwQ63iash5xOsCxa/mvqQjYio+Jy6g81tAce2OKu2ubUz/CHpqIGYUU/KziFnGfF8
 0s4YnapjE18XjiJ8EsKACxNIeIMkzL9DhbMlm06w0YTa1B/NOmGLfdQuOQzq8EXY81Tg
 IrvQ==
X-Gm-Message-State: AOAM532/+jqTbL2Hq72B4GCam9Wj9fgJ23fj7MWOxSDi1T2+LVIN+DVw
 ttVJQw+/M/zgDnWVuTYw5TaVdDkilzk=
X-Google-Smtp-Source: ABdhPJyeZtvuXe26HzttD6fVRNQPm9FSVh+o5syWYXK+QYxA+ElDB04Jdmq7inM3gjATd3EQeiANOw==
X-Received: by 2002:a17:906:a2d1:: with SMTP id
 by17mr8553443ejb.426.1619461679962; 
 Mon, 26 Apr 2021 11:27:59 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id mm8sm11952193ejb.28.2021.04.26.11.27.59
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 26 Apr 2021 11:27:59 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
In-Reply-To: <YIb53KSJPfQf5mn6@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
Date: Mon, 26 Apr 2021 20:27:58 +0200
Message-ID: <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 48039
Cc: 48039@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Leo Famulari <leo@famulari.name> writes:

> On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicol=C3=B2 Balzarotti wrote:
>> * gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.
>
> Did you see <https://bugs.gnu.org/48001>?
>
Ops, sorry for the duplicate, I somehow missed it, I'm closing this

Thanks!




From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 14:28:55 2021
Received: (at 48039-close) by debbugs.gnu.org; 26 Apr 2021 18:28:55 +0000
Received: from localhost ([127.0.0.1]:47129 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb5yZ-0004Oe-1Y
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 14:28:55 -0400
Received: from mail-ed1-f42.google.com ([209.85.208.42]:38656)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lb5yX-0004OS-PD
 for 48039-close@debbugs.gnu.org; Mon, 26 Apr 2021 14:28:54 -0400
Received: by mail-ed1-f42.google.com with SMTP id y3so30612103eds.5
 for <48039-close@debbugs.gnu.org>; Mon, 26 Apr 2021 11:28:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:in-reply-to:references:date:message-id:mime-version;
 bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
 b=UJ7OMg/0aVSeK1SCPGAkEuXqEltZ0rC7XM3gbXBvh05sjlMKZu39zMjgDVgxpJVPYU
 DXcYVlnZ57CCqrgfCZSltCoe3RODS1tatTKwf9dWCGKo2wk1Qbe1uukoKo0p/xVJjPDI
 MPcZ2nrdj2WrMld3CFCyMSStc2r1UFRiKxJaJJZWOotwdS+tSynRSnegY3mQbxpO0u/h
 UpWdIq55p9ZTqpb6t7czpHWuJPGIJbzmtyvcNSGTNsKXRGLkY0Tq6NK153MaWc+B5UdT
 HDUWdch2zYmRGKWiByc6aZZ0lFscBks7AadKn9wUs9YlYBmHbQpyos2km6FApNwYgTuM
 RBKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:in-reply-to:references:date:message-id
 :mime-version;
 bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
 b=VU5B/h65CtawzZtTsYTG9zaSknffizWewOoI3ly73W15zUW1i0zp1OZxNZ6Ozmxjl7
 rLUzVS9m6+L2cLBRwVGUF+F9bJLtQ6eyY5uRM6CPuH+fhkh8IVn0q07xzq1A8mzQXiS4
 4jrX1PoooDDbUk2m/xbhiFdbgJOT15oBrF1+1gkoLInoODFxYITO8abU2qCuOn58S5Ps
 ZJZFyFQWShmPhOwvghbqUZCAoisl0B0L7MtfVkv5uU9rIBVGjwPKwVhlpLxbB+WGE0Gr
 KMTIbwO37/DBUVtIsLLmAEMTSOB9mvd5oNoDYjFx6UH5aXKUqi+XiivzLbor3VhW+Rio
 LbVA==
X-Gm-Message-State: AOAM532T00IvRdf9hla8AeFaauCLMa0ten8/wSAWTbGM/kVPZgkbeLBa
 WVbkRiHHekCt6A8Yv7b6tRDFsq9bkms=
X-Google-Smtp-Source: ABdhPJxPqovfkKisUADWtwn5NokUJqJueLbf3Lcs3TiqGza8SLmuLVvXtXfgyViD3CVRSyBNt5mE8w==
X-Received: by 2002:aa7:c2d4:: with SMTP id m20mr8109edp.193.1619461728258;
 Mon, 26 Apr 2021 11:28:48 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id m2sm464131edc.10.2021.04.26.11.28.47
 for <48039-close@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 26 Apr 2021 11:28:47 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
To: 48039-close@debbugs.gnu.org
In-Reply-To: <YIb53KSJPfQf5mn6@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
Date: Mon, 26 Apr 2021 20:28:47 +0200
Message-ID: <87zgxkrjc0.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 4.3 (++++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details. Content preview:  
 Content analysis details:   (4.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (anothersms[at]gmail.com)
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.208.42 listed in wl.mailspike.net]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.208.42 listed in list.dnswl.org]
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no
 Subject: text
X-Debbugs-Envelope-To: 48039-close
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 3.3 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  
 
 Content analysis details:   (3.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                             [209.85.208.42 listed in wl.mailspike.net]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [209.85.208.42 listed in list.dnswl.org]
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (anothersms[at]gmail.com)
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
  1.8 MISSING_SUBJECT        Missing Subject: header
  0.2 NO_SUBJECT             Extra score for no subject
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager
  2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no
                             Subject: text





From unknown Sat Jun 21 17:32:30 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: Did not alter fixed versions and reopened.
Date: Mon, 26 Apr 2021 19:11:02 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# Did not alter fixed versions and reopened.
thanks
# This fakemail brought to you by your local debbugs
# administrator


From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 15:29:42 2021
Received: (at control) by debbugs.gnu.org; 26 Apr 2021 19:29:42 +0000
Received: from localhost ([127.0.0.1]:47233 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb6vO-0008B6-8s
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 15:29:42 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:33963)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lb6vL-0008Ap-Oe
 for control@debbugs.gnu.org; Mon, 26 Apr 2021 15:29:41 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.west.internal (Postfix) with ESMTP id 9FCC81762;
 Mon, 26 Apr 2021 15:29:33 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Mon, 26 Apr 2021 15:29:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:message-id:mime-version:content-type; s=mesmtp;
 bh=F+rVRwDuvclSJsqRbsdpdd97dENLoKN0z+NmZlZfWp8=; b=Nf5CvO9dhRoM
 MEEXH/eqybll0HIwSA1v8pabR8vJdDz1/5RqeFV/5ugqC++AfAAJc9iEctiFLiHO
 kqbNhYrHU4N0LA0we/oOWvPhSTxjX/tl95zA2mdHQdqvzRo5B2dw4xijFOiXibJm
 e6tIX/B6rV6oaq1lXciIMms2jjut/Yo=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=F+rVRwDuvclSJsqRbsdpdd97dENLoKN0z+NmZlZfW
 p8=; b=JH4LxgbGQkDNuRZMfUmFGISQ36kgzNaI7NA9x0Cf+bGzD/AYcGv2S8k+8
 gGoVUaXRR2HmAII0cVpPoo7A4kVgjRvDKMyIlc9NXkVMtYQWokISTkpfQJHEg8M4
 UZGB5cKKZZLSKaTOyI8OqR2TQiPkrWGfq7FQ4DYghiWfwwTIqiJNGVePanpuqSPI
 bKd3Hsxe7crBh/tK+1F9P+fEt60J7cDbhPnLvD7gUCD3QR6MlMwWnq0nssVvZjmQ
 QPlZz9eDphJq9Qtw8FLZ5X7E6L/hGZXFWsDululqhXZPlovfam6Ngm2HgIMXgsta
 RghM06hQBG3HdnnErx60doj31DrmQ==
X-ME-Sender: <xms:nRSHYHCUXa3AkuQ_H_Dn9c7IXKS8HQyd2WHPwWn5FU2ebIFYH2P52g>
 <xme:nRSHYNjvaiPUEdVDkrUQh040_ohb5Ung9bu3ok33H-V36b_G3dcG67tzf4t4OF8nY
 pCE7NzW7rjT9mWiBQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdduledgtdegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 fgmhhpthihuchsuhgsjhgvtghtucdluddtmdenucfjughrpeffhffvkfggtggusehttder
 tddttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrg
 hrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpefhjeeigfefvedvfeetheegledtkeev
 uddtgedtudeiteehteegvdefffduffefffenucfkphepuddttddruddurdduieelrdduud
 eknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgv
 ohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:nRSHYCmHhIrMug7kUP4yfRkHTb0TVYz-jGNueN3Ate-onI7G4JS0Og>
 <xmx:nRSHYJzOi3itABV6UI_Rn5tkt8KBw2qhn7B5ENobB4HaYpTCAZ_bTQ>
 <xmx:nRSHYMTkOuvSgfKFVdCYUT2YsLPD92wMRkX8yq3BqjzakI2AZBzWMA>
 <xmx:nRSHYDcdwgjXmk06a9MdZlNmKXlvRsBYeJYVF1pGefIn-YtWzXF1Vg>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id E1F701080057
 for <control@debbugs.gnu.org>; Mon, 26 Apr 2021 15:29:32 -0400 (EDT)
Date: Mon, 26 Apr 2021 15:29:31 -0400
From: Leo Famulari <leo@famulari.name>
To: GNU bug tracker automated control server <control@debbugs.gnu.org>
Message-ID: <YIcUm//YHswe/bKP@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  reassign 48039 guix-patches merge 48001 48039 
 Content analysis details:   (1.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 RCVD_IN_MSPIKE_H4      RBL: Very Good reputation (+4)
 [64.147.123.20 listed in wl.mailspike.net]
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [64.147.123.20 listed in list.dnswl.org]
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

reassign 48039 guix-patches
merge 48001 48039




From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 15:33:44 2021
Received: (at 48039) by debbugs.gnu.org; 26 Apr 2021 19:33:44 +0000
Received: from localhost ([127.0.0.1]:47239 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb6zH-0001z7-Nl
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 15:33:43 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:38395)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lb6zF-0001yu-Ml
 for 48039@debbugs.gnu.org; Mon, 26 Apr 2021 15:33:42 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.west.internal (Postfix) with ESMTP id E01DA1695;
 Mon, 26 Apr 2021 15:33:35 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Mon, 26 Apr 2021 15:33:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=ptudnDfpAcJFisMawnCS7xWEeaTyfJ89SkuYX3Hvor8=; b=vnxgdDSnOTWc
 lwXzHC7wgHiAPTUCju03rdMvl43wSo6b+0gjXcM0VdG5ofT1Oq//wkcsu8YACLLM
 ErmTCccGfjaBuDno7p4FSwN5izjwB+Pd4X6P171iioylT0xABQsJROpiS6hQ+w3g
 GYLJFElJsvE27OrA3gu+bQQXSCxB6B0=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=ptudnDfpAcJFisMawnCS7xWEeaTyfJ89SkuYX3Hvo
 r8=; b=syzeq0SiUTcUbUqd/bBay4OC4lP043PLnQDI4pFnCF5X9an9OyigstCcx
 EJ0RcZJSc9VYwXUeLZTAY9ZjdBoHlFwBzDWOA0O6LTKhbrszfWdqgegXS7dbVqbf
 n1nK0w/NmOtCmy5CokCo2pHeX6j8gzG0kTTF3JqTCm7KJjTTY7bJ76D8G7wlHMeA
 bedowfVJ7MrcwFKyZ1fPa5j7RuXOx6MIFHRYXGAErVwNS6WqqWoFCEVZaG1pgZjp
 Ww+LC8NHLvyTHVqI+6g9FJRnT5yd3LniPSvJMJvJy9/n/bePEuDawRjETDVJf6IE
 mxyuG8JRSc3z12sYawXYjyz3h0bYw==
X-ME-Sender: <xms:jxWHYAXoRF7muAo_lylM3IiZ_4206fNcaQeG5B2r0O_z9PIPTXS-mg>
 <xme:jxWHYElkXY7s1P2ibSQSYr8EVOpERRkVnseVLaL8VQvvCo_TNks-yIUU-3_9r5HxR
 KfipsZJp1bQZBbARg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdduledgtdegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggugfgjsehtke
 ertddttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeegieelteeuuedujeehfefhtddugf
 effeehuedtueevfefhhffffffgveeileduhfenucffohhmrghinhepghhnuhdrohhrghen
 ucfkphepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptdenuc
 frrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:jxWHYEahiT4BLNcpMM6b0ZaIts-utTKr11s1dUJxqrXrNAKTk3l9Pg>
 <xmx:jxWHYPX66exI74FW-_a9FxZWlB8tktRX5OVTclF0pVN-0WT-9kHzYQ>
 <xmx:jxWHYKm8NyP7HLZmQEqX0yJpsU0F7y2PDUzlHmL4Z--qL6FgCgpFqQ>
 <xmx:jxWHYER3pKAuYo7FXf_RstTK7cPRvooMMvj1VjmJ3a54YeeLmxwvtQ>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA;
 Mon, 26 Apr 2021 15:33:35 -0400 (EDT)
Date: Mon, 26 Apr 2021 15:33:33 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
Message-ID: <YIcVjQ/oLozIA8Ki@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
 <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 48039
Cc: 48039@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Mon, Apr 26, 2021 at 08:27:58PM +0200, Nicoḷ Balzarotti wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicoḷ Balzarotti wrote:
> >> * gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.
> >
> > Did you see <https://bugs.gnu.org/48001>?
> >
> Ops, sorry for the duplicate, I somehow missed it, I'm closing this

I didn't mean for you to close your message.

We took different approaches to fixing the bug: I applied a patch, and
you updated the package.

The big difference is that your patch doesn't avoid changing the
xorg-server-for-tests package, so it can't be applied to master.

I'm merging the two tickets. I think that updating the package is a
better choice that simply patching it. I'll probably join our two
patches together and push that.




From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 27 02:03:06 2021
Received: (at 48039-done) by debbugs.gnu.org; 27 Apr 2021 06:03:06 +0000
Received: from localhost ([127.0.0.1]:47777 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lbGoM-0000ha-8L
	for submit@debbugs.gnu.org; Tue, 27 Apr 2021 02:03:06 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:59981)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lbGo7-0000gk-Tf
 for 48039-done@debbugs.gnu.org; Tue, 27 Apr 2021 02:03:04 -0400
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id CC0FC5C01AD;
 Tue, 27 Apr 2021 02:02:46 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute1.internal (MEProxy); Tue, 27 Apr 2021 02:02:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=KpE/vtIlF/hShemeDttRpmgu
 g4mO+UCuKJlxTT1Rinw=; b=zqWIt++HvO3vn52KF83YFGhp4YfLtHe072VWW4vT
 SCn+HzCvy0HvCAkxBBts4SDnzlrORCzulR3zsGvcEF7PJfaezwYDwHx7i4KIVYBb
 eRw9kebovCLPdfUIk3h+yLQNE/sh6BLvbcXjlYETyXPfmaX3PvbrLNVjQ94TlBn6
 8Og=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=KpE/vt
 IlF/hShemeDttRpmgug4mO+UCuKJlxTT1Rinw=; b=LP4ji7GvmeR/kx8rPwxB/F
 TCSSXFVcTcSizc1rsHkC3tKy/EUK7AZ+S4BhTgWoxUsjt3EZJit4lS6kFZyt2Y23
 y8Mn5KvVb8oEssylOJahPD16YgyeuPXH7Hetvi7aGqf6tsTZguc07yYEf2wVU1I0
 KqotQovKmoWUHGzQEqqeS+y0Qx4BLOeDqdIuNQHyQZPldgLV+Zv7H0Gacb+2B1IW
 9rZODcHB9ufsOGDFNCHNvXbYs/On7lFa0Oc+momuWTL6LOYWVM117DwCZjC6ZR7+
 ojY9prRcr4q34okdMgHns4uNJpXCIy/rjLmO5iHdGTwOAs89bY41b0nKBNpcwX3w
 ==
X-ME-Sender: <xms:BqmHYNaOvE8gJK3b8RHtGQLRcvXVo0LU0dW0mHDt8NUZeqsJvP9UPQ>
 <xme:BqmHYEYx2-Ri-3S6IS6wRmz7LMJ-eUjd8uKxPihtG55vecCKBzu3Gz1TQ9NT6taRa
 0HNY8B2uB3_xtvuSw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdduledgudeffecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd
 erredttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpedukeevgeetkeeltefgiedtjefgje
 ekffduteehvdfhueekudelieekjeefheffteenucfkphepuddttddruddurdduieelrddu
 udeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh
 gvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:BqmHYP82gXcxvmAYfN8sR8mr_5ipFNYm3Bf6XMicXfMO6qwvGyhGPQ>
 <xmx:BqmHYLrwZBPvDDEAmuWeIuD1qUSE9zPuDh5dVwKbsVY8VKLb1BKXfQ>
 <xmx:BqmHYIpf_WVnzOBB6MclZGUGGsSq3re9-IVG2eqfnGvAQkSejycmzQ>
 <xmx:BqmHYOEGvqwCoi80wdTVPlaFejQf6NVLxCi214eUaGaSXIAiqmzUiA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA;
 Tue, 27 Apr 2021 02:02:46 -0400 (EDT)
Date: Tue, 27 Apr 2021 02:02:45 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Nicol=F2?= Balzarotti <anothersms@gmail.com>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
Message-ID: <YIepBamiF2f838F2@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
 <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIcVjQ/oLozIA8Ki@jasmine.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="5svL07BQC6m902I5"
Content-Disposition: inline
In-Reply-To: <YIcVjQ/oLozIA8Ki@jasmine.lan>
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 48039-done
Cc: 48039-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--5svL07BQC6m902I5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Apr 26, 2021 at 03:33:33PM -0400, Leo Famulari wrote:
> I'm merging the two tickets. I think that updating the package is a
> better choice that simply patching it. I'll probably join our two
> patches together and push that.

Done as 6afe1543271637e3fd1eac82f5ec7af6975a47a5. Thanks for looking out
for these bugs!

--5svL07BQC6m902I5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmCHqQUACgkQJkb6MLrK
fwiVbBAAmXoEpLiR3rZs+6k5kJx67p5WFYU3iLxdHRwd7kPcQwtGxO7fJzRh5x38
maGEwsiA0fRvaqtEPURQJTR5CneBrIOvwhqffdJDmLQo+4d+3SXqiekXE1ZaksJe
/xHve5xbd6Jh5o4dC3i+nnT0jYhlI2PiSflxIBazID/0jOKs4YQPTcDs9m6K0VMy
mrm/1jPtg3ROO1V5xdpOsaau96iUsCdWmrhETLPclpb+TJnoi3S25To+ij8xFPe5
jaQhAdHIwTzYmAShY+Th+KHA7rumpLFKVFh7ZEJVwkr1LW3r++Nr1nd6vnMFgV36
9PgZFCtCT46qxdKR7IQFQNDWdovhgemWtKzvMsBM9+VAJasbjpl8i1e66X0xua5D
SMbAKAhP2mbDGYfAUNat6dtMSmmEcN2May7Ndc/lGkUDcqPYyEoiC3IMQ7V5TH7z
UTe9FV1cSb5n/E4G7KOk8k8Aj8rxR89TZv9dmtfXxK/BIpdKi9k35ZFmxHuFrF3I
6cIXrU2gUPS0bzkhYNDQixB4M1MKz4umUFmrjijM8rGgCZaIr1aD2QKO+iSaqGJG
7GIiZ2GKvayp2MPjJ5B9c08Xs6uxTB9oG2hMw+OObqSoh6S+3zOs02ch5GD06TmK
J1nziLksaSPjDK8gH7mS7eHjHkLXiviUjQ4wSJwTw8ZWjv4x93k=
=ViAC
-----END PGP SIGNATURE-----

--5svL07BQC6m902I5--




From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 27 03:18:53 2021
Received: (at 48039-done) by debbugs.gnu.org; 27 Apr 2021 07:18:53 +0000
Received: from localhost ([127.0.0.1]:47910 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lbHzh-0002bt-7n
	for submit@debbugs.gnu.org; Tue, 27 Apr 2021 03:18:53 -0400
Received: from mail-ej1-f50.google.com ([209.85.218.50]:45626)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <anothersms@gmail.com>) id 1lbHzd-0002bc-Ps
 for 48039-done@debbugs.gnu.org; Tue, 27 Apr 2021 03:18:51 -0400
Received: by mail-ej1-f50.google.com with SMTP id u3so9395070eja.12
 for <48039-done@debbugs.gnu.org>; Tue, 27 Apr 2021 00:18:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version; bh=ehrIcbpckKOfWVfAm8ylfhPA1uJAQBlj5q2e/FsBZqU=;
 b=dsiYXECK8EZC2PH5LNF7G4ZHgkr7CR0D1r/b/8hN+OUK7HvwuimMVslIEG6Rl5XCtQ
 Xv+wFHHsUQkFYhFGfb0zGuqeSDJSzNT9aNGC6Rqk0rmsKIIEQCmGyRuoRgcV4uOD4ewZ
 a4llc7I6QL5sd/5C7Zi9trwvXPX0cYNro7TOdOo2kg3ni4snPzJmJIGW/bebcAvOG4fO
 unrfTaqEmzP/YBxoHWk+bfTlPnBatclEJ43VWaafhAO6Vg0jUkX86MMs7mDmBZnmrl00
 6iEfeLlg+cc8ReuyEnYMLxo2B5ZZ3dac5SZEiOB0bnXjaqN905MQb4oLn3YK5DKH58lc
 3FjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version;
 bh=ehrIcbpckKOfWVfAm8ylfhPA1uJAQBlj5q2e/FsBZqU=;
 b=QAlKkl4dH2TrExOq7eQ0T/WeerigLgOFQrxqu9v2RtC8rK0r4tE1qMDr/QWjmScT3a
 gVk6lXJ7sK+OjX9G2TsHGLhoToGkpemEqgpTmfV37F9lvMTKJ6emZLRDx7sAMEwfHGh7
 QyglzXBO429gcUGwQ5IWdZUqoVSCwg0cBwez38hTa7YeWrmXyT6/RyCev6rHvZo+h6Sq
 A/0VzAStrrxOXYZymEsmZFoeSYWajUtuSqWr0qZVpB/LAPw8iYvHn0DWJxeGnjgTqZO0
 E/Cu8A1lfWCg1W5pcZ69+iA9QVl6dSUfovVjVU9oYL2HB5N+kElDuK3Etb2mXzQxJrcW
 O6PQ==
X-Gm-Message-State: AOAM530/788tnEJdJJVcEt/M2xe1GRavr2ZgjsTizI4sEEr2AqdZQ/Qa
 nQo5i4FC+53D2Ogcp45WBQJEeglfiIo=
X-Google-Smtp-Source: ABdhPJzZRCvBYAavzeJzXAYO7em4y3fCC8w2Oz6MNcE6g4t2W0r1a1lK9A8x4eiLs2svZgcy4Gt7fg==
X-Received: by 2002:a17:906:1617:: with SMTP id
 m23mr9930258ejd.352.1619507923841; 
 Tue, 27 Apr 2021 00:18:43 -0700 (PDT)
Received: from guixSD (host-79-17-142-89.retail.telecomitalia.it.
 [79.17.142.89])
 by smtp.gmail.com with ESMTPSA id hd30sm12456457ejc.59.2021.04.27.00.18.42
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 27 Apr 2021 00:18:43 -0700 (PDT)
From: =?utf-8?Q?Nicol=C3=B2?= Balzarotti <anothersms@gmail.com>
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
In-Reply-To: <YIepBamiF2f838F2@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
 <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIcVjQ/oLozIA8Ki@jasmine.lan> <YIepBamiF2f838F2@jasmine.lan>
Date: Tue, 27 Apr 2021 09:18:42 +0200
Message-ID: <87v988qjot.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 48039-done
Cc: 48039-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Leo Famulari <leo@famulari.name> writes:

> On Mon, Apr 26, 2021 at 03:33:33PM -0400, Leo Famulari wrote:
>> I'm merging the two tickets. I think that updating the package is a
>> better choice that simply patching it. I'll probably join our two
>> patches together and push that.
>
> Done as 6afe1543271637e3fd1eac82f5ec7af6975a47a5. Thanks for looking out
> for these bugs!
Thank you!




From unknown Sat Jun 21 17:32:30 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 25 May 2021 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator