xorg-server - Debian Package Tracker

general

source: xorg-server (main)
version: 2:21.1.23-1
maintainer: Debian X Strike Force (archive) (DMD)
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2:1.20.11-1+deb11u13
o-o-sec: 2:1.20.11-1+deb11u17
oldstable: 2:21.1.7-3+deb12u12
old-sec: 2:21.1.7-3+deb12u11
stable: 2:21.1.16-1.3+deb13u2
stable-sec: 2:21.1.16-1.3+deb13u1
testing: 2:21.1.22-1
unstable: 2:21.1.23-1

versioned links

2:1.20.11-1+deb11u13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:1.20.11-1+deb11u17: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.7-3+deb12u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.7-3+deb12u12: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.16-1.3+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.16-1.3+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.22-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:21.1.23-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

xnest (1 bugs: 0, 1, 0, 0)
xorg-server-source
xserver-common (6 bugs: 0, 1, 5, 0)
xserver-xephyr (19 bugs: 0, 15, 4, 0)
xserver-xorg-core (242 bugs: 0, 206, 36, 0)
xserver-xorg-core-udeb
xserver-xorg-dev (3 bugs: 0, 2, 1, 0)
xserver-xorg-legacy (4 bugs: 0, 1, 3, 0)
xvfb (13 bugs: 1, 10, 2, 0)

action needed

10 security issues in trixie high

There are 10 open security issues in trixie.

9 important issues:

CVE-2026-50256: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50257: A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50258: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50259: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50260: A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50261: A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50262: An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
CVE-2026-50263: A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50264: An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

1 issue left for the package maintainer to handle:

CVE-2023-5574: (postponed; to be fixed through a stable update) A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-09 Last update: 2026-06-06 03:48

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2023-5574: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Created: 2023-10-25 Last update: 2026-06-06 03:48

10 security issues in forky high

There are 10 open security issues in forky.

10 important issues:

CVE-2023-5574: A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVE-2026-50256: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50257: A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50258: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50259: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50260: A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50261: A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50262: An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
CVE-2026-50263: A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50264: An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Created: 2025-08-09 Last update: 2026-06-06 03:48

16 security issues in bullseye high

There are 16 open security issues in bullseye.

9 important issues:

CVE-2026-50256: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50257: A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50258: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50259: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50260: A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50261: A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50262: An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
CVE-2026-50263: A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50264: An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

7 issues postponed or untriaged:

CVE-2023-5574: (needs triaging) A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVE-2022-49737: (postponed; to be fixed through a stable update) In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.
CVE-2026-33999: (postponed; to be fixed through a stable update) A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34000: (postponed; to be fixed through a stable update) A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
CVE-2026-34001: (postponed; to be fixed through a stable update) A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34002: (postponed; to be fixed through a stable update) A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
CVE-2026-34003: (postponed; to be fixed through a stable update) A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Created: 2026-06-02 Last update: 2026-06-06 03:48

11 security issues in bookworm high

There are 11 open security issues in bookworm.

9 important issues:

CVE-2026-50256: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50257: A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50258: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50259: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50260: A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50261: A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVE-2026-50262: An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
CVE-2026-50263: A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50264: An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

2 issues left for the package maintainer to handle:

CVE-2023-5574: (postponed; to be fixed through a stable update) A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVE-2022-49737: (postponed; to be fixed through a stable update) In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-25 Last update: 2026-06-06 03:48

lintian reports 13 errors and 15 warnings high

Lintian reports 13 errors and 15 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-06-03 Last update: 2026-06-03 10:30

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 3.9.8).

Created: 2017-07-07 Last update: 2026-06-02 19:31

41 bugs tagged patch in the BTS normal

The BTS contains patches fixing 41 bugs, consider including or untagging them.

Created: 2026-06-02 Last update: 2026-06-11 23:00

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-06-07 Last update: 2026-06-11 22:31

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-11-04 Last update: 2026-06-11 18:01

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-23 Last update: 2025-09-23 17:32

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

xorg-server-source could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-06-11 18:31

testing migrations

excuses:
- Migration status for xorg-server (2:21.1.22-1 to 2:21.1.23-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for aevol/9.4.0-1: amd64: Pass, arm64: Pass, loong64: Test triggered (failure will be ignored), ppc64el: Pass, riscv64: Pass, s390x: Test triggered (failure will be ignored)
- ∙ ∙ Autopkgtest for amide/1.0.6-8.2: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: Test triggered (failure will be ignored), ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for coyote/2022.04.12-3: amd64: Pass, arm64: Pass, i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: Pass, ppc64el: Test triggered (failure will be ignored), riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for libreoffice/4:26.2.4.2-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Test triggered (failure will be ignored), loong64: Failed (not a regression) ♻ (reference ♻), ppc64el: Pass, riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Pass
- ∙ ∙ Autopkgtest for openjdk-21/21.0.11+10-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, loong64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for openjdk-25/25.0.3+9-2: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, loong64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for openjdk-26/26+35-2: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, loong64: Test triggered (failure will be ignored), ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for openjdk-27/27~13ea-2: arm64: Pass ♻ (reference ♻), loong64: Pass ♻, ppc64el: Pass ♻ (reference ♻), riscv64: Pass ♻
- ∙ ∙ Autopkgtest for refnx/0.1.62-1: amd64: Pass, arm64: Regression ♻ (reference ♻), i386: Pass, loong64: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for rust-gtk4/0.10.3-2: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
- ∙ ∙ Autopkgtest for thunderbird/1:140.11.0esr-1: amd64: Pass, arm64: Test triggered (failure will be ignored), i386: Pass, loong64: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: Test triggered (failure will be ignored), s390x: Failed (not a regression) ♻ (reference ♻)
- ∙ ∙ Autopkgtest for xorg-server/2:21.1.23-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- Additional info (not blocking):
- ∙ ∙ Updating xorg-server will fix bugs in testing: #1138680
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/x/xorg-server.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 10 days old (needed 5 days)
- Not considered

news

[rss feed]

[2026-06-02] Accepted xorg-server 2:21.1.23-1 (source) into unstable (Timo Aaltonen)
[2026-05-02] Accepted xorg-server 2:21.1.7-3+deb12u12 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2026-04-30] Accepted xorg-server 2:21.1.16-1.3+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2026-04-30] xorg-server 2:21.1.22-1 MIGRATED to testing (Debian testing watch)
[2026-04-14] Accepted xorg-server 2:21.1.22-1 (source) into unstable (Timo Aaltonen)
[2025-11-30] xorg-server 2:21.1.21-1 MIGRATED to testing (Debian testing watch)
[2025-11-25] Accepted xorg-server 2:21.1.21-1 (source) into unstable (Timo Aaltonen)
[2025-11-04] xorg-server 2:21.1.20-1 MIGRATED to testing (Debian testing watch)
[2025-11-01] Accepted xorg-server 2:21.1.7-3+deb12u11 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-10-29] Accepted xorg-server 2:21.1.16-1.3+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-10-29] Accepted xorg-server 2:21.1.20-1 (source) into unstable (Emilio Pozuelo Monfort)
[2025-10-29] Accepted xorg-server 2:1.20.11-1+deb11u17 (source) into oldoldstable-security (Thorsten Alteholz)
[2025-10-29] Accepted xorg-server 2:21.1.7-3+deb12u11 (source) into oldstable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-10-29] Accepted xorg-server 2:21.1.16-1.3+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-09-10] xorg-server 2:21.1.18-2 MIGRATED to testing (Debian testing watch)
[2025-08-27] Accepted xorg-server 2:21.1.18-2 (source) into unstable (Timo Aaltonen)
[2025-06-30] xorg-server 2:21.1.16-1.3 MIGRATED to testing (Debian testing watch)
[2025-06-27] Accepted xorg-server 2:21.1.18-1 (source) into experimental (Timo Aaltonen)
[2025-06-25] Accepted xorg-server 2:1.20.11-1+deb11u16 (source) into oldstable-security (Emilio Pozuelo Monfort)
[2025-06-23] Accepted xorg-server 2:21.1.7-3+deb12u10 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-06-23] Accepted xorg-server 2:21.1.7-3+deb12u10 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-06-22] Accepted xorg-server 2:21.1.16-1.3 (source) into unstable (Salvatore Bonaccorso)
[2025-06-17] Accepted xorg-server 2:21.1.16-1.2 (source) into unstable (Salvatore Bonaccorso)
[2025-05-14] xorg-server 2:21.1.16-1.1 MIGRATED to testing (Debian testing watch)
[2025-05-07] Accepted xorg-server 2:21.1.16-1.1 (source) into unstable (Salvatore Bonaccorso)
[2025-03-11] xorg-server 2:21.1.16-1 MIGRATED to testing (Debian testing watch)
[2025-03-01] Accepted xorg-server 2:21.1.7-3+deb12u9 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-02-28] Accepted xorg-server 2:21.1.7-3+deb12u9 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-02-28] Accepted xorg-server 2:1.20.11-1+deb11u15 (source) into oldstable-security (Thorsten Alteholz)
[2025-02-26] Accepted xorg-server 2:21.1.16-1 (source) into unstable (Emilio Pozuelo Monfort)

bugs [bug history graph]

all: 311 317
RC: 1
I&N: 250 256
M&W: 60
F&P: 0
patch: 41

links

homepage
lintian (13, 15)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
l10n (99, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:21.1.22-1ubuntu1
patches for 2:21.1.22-1ubuntu1