GNU bug report logs - #48039
xorg-server might be vulnerable to CVE-2021-3472

Previous Next

Package: guix-patches;

Reported by: Nicolò Balzarotti <anothersms <at> gmail.com>

Date: Mon, 26 Apr 2021 17:26:01 UTC

Severity: normal

Tags: patch, security

Merged with 48001

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Nicolò Balzarotti <anothersms <at> gmail.com>
Cc: 48039 <at> debbugs.gnu.org
Subject: [bug#48039] xorg-server might be vulnerable to CVE-2021-3472
Date: Mon, 26 Apr 2021 15:33:33 -0400

On Mon, Apr 26, 2021 at 08:27:58PM +0200, Nicolò Balzarotti wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> 
> > On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicolò Balzarotti wrote:
> >> * gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.
> >
> > Did you see <https://bugs.gnu.org/48001>?
> >
> Ops, sorry for the duplicate, I somehow missed it, I'm closing this

I didn't mean for you to close your message.

We took different approaches to fixing the bug: I applied a patch, and
you updated the package.

The big difference is that your patch doesn't avoid changing the
xorg-server-for-tests package, so it can't be applied to master.

I'm merging the two tickets. I think that updating the package is a
better choice that simply patching it. I'll probably join our two
patches together and push that.

This bug report was last modified 4 years and 27 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #48039 xorg-server might be vulnerable to CVE-2021-3472

GNU bug report logs - #48039
xorg-server might be vulnerable to CVE-2021-3472