#48039 xorg-server might be vulnerable to CVE-2021-3472

Received: (at 48039) by debbugs.gnu.org; 26 Apr 2021 17:35:36 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 13:35:36 2021
Received: from localhost ([127.0.0.1]:47075 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb58y-0000tj-AY
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 13:35:36 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55703)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lb58t-0000tS-UB
 for 48039@debbugs.gnu.org; Mon, 26 Apr 2021 13:35:35 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id CB38B5C018A;
 Mon, 26 Apr 2021 13:35:25 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute2.internal (MEProxy); Mon, 26 Apr 2021 13:35:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=nzSO2hREh+GPa/BM+WkC9mX3
 yiO+KO5WZA3z1uhowhQ=; b=p4XtODxwJOBYOCNOtI9pnsw73oekJLxE+ezZdZi2
 C3cOduWzJmFneXqUP/bacsZyAszYNB3aHWrAET6h4fXg0E/zUwf5u4893otnZNZE
 BKyM5HZ5mm1Nc9jvKX8BM6RQ0MsbwRkCmv67FUEXjD6blEBEnuz3zns9T7pMiIt2
 K+c=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=nzSO2h
 REh+GPa/BM+WkC9mX3yiO+KO5WZA3z1uhowhQ=; b=v3FLu7JL8yjfyZgCoKjTvf
 446dqDIUzMEe5ZE9A4S0zjk3PrcmvrxGol3hsX5ROqcS2zPq0EYd5lLDtG345XFC
 jcO8x2ou5cW/6oMMt5qNA7TWAsZp6WM/pdrANE9g60shC+OU7AJqmQwjekI8IJQ4
 C0nBK6cFqeZWgl9AOB1KHmCJQYahPbR3CzJS/VynliD3O4ejaBhtadfkK2f/AtdO
 9CMHsRGF1XbiKlM1XNxu1AwmdSMOorOJPhyAnYnkOn9p0+eEGRaB+a9pEdFvpBia
 X/0FjXLSzRGt1pb4mZ89ZmPfBagYz941fOpHaRDasZFTTZP6/xb3O9Qz97jnt2tg
 ==
X-ME-Sender: <xms:3fmGYM4tzua_ZVh7kOc3JDZNqQH-BJUOUPNOeyLOJbAoBimMLkFHVQ>
 <xme:3fmGYP7_-twtbmSUST3G8FA5IK9F3ORCLG7Jiyw2e3yAp2C5Rv2vK6aSE7VMrhq_l
 b4Txc0MWrYz8Kwysw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddukedguddujecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculddujedmnecujfgurhepff
 fhvffukfhfgggtuggjsehgtderredttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghr
 ihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpedthe
 eigefgfefgiedtteeihefhkeffudeiveevheehleetiefgiedvueffkeevjeenucffohhm
 rghinhepghhnuhdrohhrghenucfkphepuddttddruddurdduieelrdduudeknecuvehluh
 hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:3fmGYE20ekP7rpuHhNvJ2GSck3JcgYBfd9Bt2HvbLIyARA2rJbYmUw>
 <xmx:3fmGYDXoXJfU9dM1edaRrbFJaWPalplVCoxOBrPeGMBAehZ8x1zP6A>
 <xmx:3fmGYH5ptbN6AHQTKbCBTNHmDRSUGojhsexxJzsEwptJ7UuAiVeA3A>
 <xmx:3fmGYL-48XLNwG1vKwq5sIyt3G6mY2-lzlh5oZb_Wm2Wpg0ae13KxA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 909051080064;
 Mon, 26 Apr 2021 13:35:25 -0400 (EDT)
Date: Mon, 26 Apr 2021 13:35:24 -0400
From: Leo Famulari <leo@famulari.name>
To: Nicolò Balzarotti <anothersms@gmail.com>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
Message-ID: <YIb53KSJPfQf5mn6@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="hJUS4paNEz9LfMRS"
Content-Disposition: inline
In-Reply-To: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicolò Balzarotti
    wrote: > From a1767951a7b4631c48916f1171f577839fff0df3 Mon Sep 17 00:00:00
    2001 > From: nixo <nicolo@nixo.xyz> > Date: Mon, 26 Apr 2021 19:2 [...] 
 
 Content analysis details:   (1.3 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: nixo.xyz (xyz)]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
                             low trust
                             [66.111.4.28 listed in list.dnswl.org]
  0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [66.111.4.28 listed in wl.mailspike.net]
  0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: 48039
Cc: 48039@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.3 (/)