-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 19 Feb 2025 14:42:13 +0100 Source: xorg-server Architecture: source Version: 2:21.1.7-3+deb12u9 Distribution: bookworm-security Urgency: high Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: xorg-server (2:21.1.7-3+deb12u9) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Cursor: Refuse to free the root cursor (CVE-2025-26594) * dix: keep a ref to the rootCursor (CVE-2025-26594) * xkb: Fix buffer overflow in XkbVModMaskText() (CVE-2025-26595) * xkb: Fix computation of XkbSizeKeySyms (CVE-2025-26596) * xkb: Fix buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597) * Xi: Fix barrier device search (CVE-2025-26598) * composite: Handle failure to redirect in compRedirectWindow() (CVE-2025-26599) * composite: initialize border clip even when pixmap alloc fails (CVE-2025-26599) * dix: Dequeue pending events on frozen device on removal (CVE-2025-26600) * sync: Do not let sync objects uninitialized (CVE-2025-26601) * sync: Check values before applying changes (CVE-2025-26601) * sync: Do not fail SyncAddTriggerToSyncObject() (CVE-2025-26601) * sync: Apply changes last in SyncChangeAlarmAttributes() (CVE-2025-26601) Checksums-Sha1: 561b6bf3a7e415ebfade4cbb63fd0a79669b0117 4394 xorg-server_21.1.7-3+deb12u9.dsc bfffeceae5cf67f1d7ffd7c960986a348642ea0c 195417 xorg-server_21.1.7-3+deb12u9.diff.gz e8ae2f705e9b606b97a85eddcf38c9bee81b8c52 15735 xorg-server_21.1.7-3+deb12u9_amd64.buildinfo Checksums-Sha256: 30e2049e5a40d79dffdb468e6a643d42b2d3d28fb0c29d813b275eaa72ade1e2 4394 xorg-server_21.1.7-3+deb12u9.dsc 402964c688991d4fd64e3c9001a18326f90d58c658b1d3db33d23214047c5818 195417 xorg-server_21.1.7-3+deb12u9.diff.gz f97960b9415501c1a41dde453a1a30e9832e6d44664465cde036296b18dfcf9d 15735 xorg-server_21.1.7-3+deb12u9_amd64.buildinfo Files: 689c3615608ea64d0e268ffed60b8656 4394 x11 optional xorg-server_21.1.7-3+deb12u9.dsc 2ec0897063a5d9891069b12517cb5795 195417 x11 optional xorg-server_21.1.7-3+deb12u9.diff.gz 72f46e1955c301be3803b24aa871e6df 15735 x11 optional xorg-server_21.1.7-3+deb12u9_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAme14R9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaeMP/3wAhN34zlrc3gqbPZevcV7CtPmF4Hwp MdpzZXP/fP1Kl6wjzebYLHB9IoetV66uQrC3EPICFs3m3XA5sB4b/WQ9PymFwZOI PBBTn3QY8+UunPYBTEj1m7hRxx9nJmq1193LQ351X0hH+4QryRO5/ZzfFgW1VuOU oZ9nnAM03z67R1SNpizAwNwYfTl4jafQJnU8hodRQUtUgtWq7khe5D68Oz/poeTj PePWJxl1jKSgGan4cAa0X57SYKiLL2RWp+0XweLd8TpHAQH5p7lzvA7/sOeBfV2C uXIVtE+gxmefzo9gwmm713Hgv5YoicxsGRaEfSzfHQwwCT2v/jkr/GzUyH6c18Jj wZQoAnbjMw3Vdk8CfZLki+5R8DcJyZy+rAowJTDfFpvdORpT+Qncxydrgq0GzB/B GYfOdm7GCitNlCy5ubUnKUJzdZSxKEz23t9wKZcIn2dnwZOhvh2KvoR6gUo3yAQW ew7AECx89Hy4nYXdGKqUdBJbjpFJ6gKLlm9T8f2uEg6m8OBl/LPQI4f33FvCljWl jDM8/r8ryh0i3YeQ6qkqwc2kIAetioeFIf0WT7SaIIk4jCyTOuvz/+VOwbTgEoeA KKMH4gk9jM16NIc+VfSqcAFjKqXI+Y3GD/IKhYyDFPmh0peVJm2Al/eMysKW6toZ r+9COEJguB+S =H9tI -----END PGP SIGNATURE-----
