GNU bug report logs - #74248
[PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: bug#74248: closed (Re: [bug#74248] [PATCH 0/3] Update xorg-server
 and xwayland for CVE-2024-9632.)
Date: Thu, 28 Nov 2024 05:32:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#74248: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 74248 <at> debbugs.gnu.org.

-- 
74248: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=74248
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: John Kehayias <john.kehayias <at> protonmail.com>
To: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Cc: 74248-done <at> debbugs.gnu.org, Andreas Enge <andreas <at> enge.fr>,
 Steve George <steve <at> futurile.net>
Subject: Re: [bug#74248] [PATCH 0/3] Update xorg-server and xwayland for
 CVE-2024-9632.
Date: Thu, 28 Nov 2024 05:31:03 +0000

Hi Kaelyn,

(Andreas: your message did not go to the original author; CC'ing you and
Steve who you CC'ed in your message. If using debbugs through Emacs, for
instance, make sure you do a "wide-reply" or else the author isn't
included. I really wish a bug number email was an alias for a list.)

On Thu, Nov 07, 2024 at 09:33 PM, Kaelyn Takata wrote:

> This patch series updates xorg-server and xorg-server-xwayland to their latest
> versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
> https://nvd.nist.gov/vuln/detail/CVE-2024-9632.
>
> The updated Xwayland depends on a newer version of presentproto than is
> available in the current xorgproto package, so I added xorgproto-next to
> satisfy Xwayland's dependency while avoiding triggering 10761 additional
> package rebuilds.
>

Thanks for the patches, sorry I missed this earlier.

> Kaelyn Takata (3):
>   gnu: xorg-server: Update to 21.1.14. [security fixes]

I've applied this now as dd4b96e72c8fda4b025a75b47212e06e381e9ea1 (with
a minor change to move a period.)

>   gnu: Add xorgproto-next.
>   gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].
>

These two look like they were done similarly by Danny in
e6d1f571957e5668b844939070174aedf0bec673. CC'ing just to close the loop
here.

>  gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
>  1 file changed, 28 insertions(+), 7 deletions(-)
>
>
> base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
> --
> 2.46.0

Thanks!
John

[Message part 3 (message/rfc822, inline)]

From: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
To: guix-patches <at> gnu.org
Cc: Kaelyn Takata <kaelyn.alexi <at> protonmail.com>
Subject: [PATCH 0/3] Update xorg-server and xwayland for CVE-2024-9632.
Date: Thu, 07 Nov 2024 21:33:03 +0000

This patch series updates xorg-server and xorg-server-xwayland to their latest
versions to fix CVE-2024-9632, which Red Hat has rated "7.8 High" according to
https://nvd.nist.gov/vuln/detail/CVE-2024-9632.

The updated Xwayland depends on a newer version of presentproto than is
available in the current xorgproto package, so I added xorgproto-next to
satisfy Xwayland's dependency while avoiding triggering 10761 additional
package rebuilds.

Kaelyn Takata (3):
  gnu: xorg-server: Update to 21.1.14. [security fixes]
  gnu: Add xorgproto-next.
  gnu: xorg-server-xwayland: Update to 24.1.4 [security fixes].

 gnu/packages/xorg.scm | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)


base-commit: 2a6d96425eea57dc6dd48a2bec16743046e32e06
--
2.46.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.