[ubuntu/questing-proposed] xwayland 2:24.1.6-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Jun 20 12:51:17 UTC 2025
xwayland (2:24.1.6-1ubuntu1) questing; urgency=medium
* SECURITY UPDATE: Out-of-bounds access in X Rendering extension
- debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
in render/animcur.c, render/render.c.
- CVE-2025-49175
* SECURITY UPDATE: Integer overflow in Big Requests Extension
- debian/patches/CVE-2025-49176.patch: do not overflow the integer size
with BigRequest in dix/dispatch.c, os/io.c.
- CVE-2025-49176
* SECURITY UPDATE: Data leak in XFIXES Extension 6
- debian/patches/CVE-2025-49177.patch: check request length for
SetClientDisconnectMode in xfixes/disconnect.c.
- CVE-2025-49177
* SECURITY UPDATE: Unprocessed client request via bytes to ignore
- debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
sharing input buffer in os/io.c.
- CVE-2025-49178
* SECURITY UPDATE: Integer overflow in X Record extension
- debian/patches/CVE-2025-49179.patch: check for overflow in
RecordSanityCheckRegisterClients() in record/record.c.
- CVE-2025-49179
* SECURITY UPDATE: Integer overflow in RandR extension
- debian/patches/CVE-2025-49180-1.patch: check for overflow in
RRChangeProviderProperty() in randr/rrproviderproperty.c.
- CVE-2025-49180
Date: Fri, 20 Jun 2025 08:39:52 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.6-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Jun 2025 08:39:52 -0400
Source: xwayland
Built-For-Profiles: noudeb
Architecture: source
Version: 2:24.1.6-1ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
xwayland (2:24.1.6-1ubuntu1) questing; urgency=medium
.
* SECURITY UPDATE: Out-of-bounds access in X Rendering extension
- debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
in render/animcur.c, render/render.c.
- CVE-2025-49175
* SECURITY UPDATE: Integer overflow in Big Requests Extension
- debian/patches/CVE-2025-49176.patch: do not overflow the integer size
with BigRequest in dix/dispatch.c, os/io.c.
- CVE-2025-49176
* SECURITY UPDATE: Data leak in XFIXES Extension 6
- debian/patches/CVE-2025-49177.patch: check request length for
SetClientDisconnectMode in xfixes/disconnect.c.
- CVE-2025-49177
* SECURITY UPDATE: Unprocessed client request via bytes to ignore
- debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
sharing input buffer in os/io.c.
- CVE-2025-49178
* SECURITY UPDATE: Integer overflow in X Record extension
- debian/patches/CVE-2025-49179.patch: check for overflow in
RecordSanityCheckRegisterClients() in record/record.c.
- CVE-2025-49179
* SECURITY UPDATE: Integer overflow in RandR extension
- debian/patches/CVE-2025-49180-1.patch: check for overflow in
RRChangeProviderProperty() in randr/rrproviderproperty.c.
- CVE-2025-49180
Checksums-Sha1:
e5e21aafe725e319431830a94348346c39e9538f 2385 xwayland_24.1.6-1ubuntu1.dsc
71307b6073478b9f60e034e03844cdba20800396 38948 xwayland_24.1.6-1ubuntu1.debian.tar.xz
6cd443d92f2ba9d024e1f6de742165cb4bcb01cb 10555 xwayland_24.1.6-1ubuntu1_source.buildinfo
Checksums-Sha256:
37298d395ed2e069e9b44dcfe7c9feec8acc11ff81db13ef7a05eeec2f234b51 2385 xwayland_24.1.6-1ubuntu1.dsc
4b4cef7bbf8492d4937432511c94e9129349e125b1ef93850cc6bd5a8f528831 38948 xwayland_24.1.6-1ubuntu1.debian.tar.xz
f3beb3e51e08adfd62f33c05850f86f159f3ed005b76b9a8463ee5fbd98be408 10555 xwayland_24.1.6-1ubuntu1_source.buildinfo
Files:
5127756ae7076aaa997bb2c59d41c085 2385 x11 optional xwayland_24.1.6-1ubuntu1.dsc
a58ba9b1d4036961a1d02f92bdfa91ce 38948 x11 optional xwayland_24.1.6-1ubuntu1.debian.tar.xz
0ac609606067773babaf87023550d56d 10555 x11 optional xwayland_24.1.6-1ubuntu1_source.buildinfo
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>
More information about the Questing-changes
mailing list