Your message dated Sun, 22 Jun 2025 08:34:14 +0000
with message-id <e1utg9w-00h0lp...@fasolo.debian.org>
and subject line Bug#1108073: fixed in xorg-server 2:21.1.16-1.3
has caused the Debian Bug report #1108073,
regarding xorg-server: Followup to CVE-2025-49176
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1108073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108073
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:21.1.16-1.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

As per

https://www.openwall.com/lists/oss-security/2025/06/18/2
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1

there is another case where the BigRequest length can cause an
overflow, so an additional commit is required as followup to the fixes
for CVE-2025-49176.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:21.1.16-1.3
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1108...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 09:47:20 +0200
Source: xorg-server
Architecture: source
Version: 2:21.1.16-1.3
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debia...@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1108073
Changes:
 xorg-server (2:21.1.16-1.3) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)
     (Closes: #1108073)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
