#48039 - xorg-server might be vulnerable to CVE-2021-3472

Package	Source(s)		Maintainer(s)
guix-patches		PTS Buildd Popcon

Message #27 received at 48039@debbugs.gnu.org (full text, mbox, reply):

Received: (at 48039) by debbugs.gnu.org; 26 Apr 2021 19:33:44 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 26 15:33:44 2021
Received: from localhost ([127.0.0.1]:47239 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lb6zH-0001z7-Nl
	for submit@debbugs.gnu.org; Mon, 26 Apr 2021 15:33:43 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:38395)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lb6zF-0001yu-Ml
 for 48039@debbugs.gnu.org; Mon, 26 Apr 2021 15:33:42 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.west.internal (Postfix) with ESMTP id E01DA1695;
 Mon, 26 Apr 2021 15:33:35 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Mon, 26 Apr 2021 15:33:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-transfer-encoding:in-reply-to; s=mesmtp;
 bh=ptudnDfpAcJFisMawnCS7xWEeaTyfJ89SkuYX3Hvor8=; b=vnxgdDSnOTWc
 lwXzHC7wgHiAPTUCju03rdMvl43wSo6b+0gjXcM0VdG5ofT1Oq//wkcsu8YACLLM
 ErmTCccGfjaBuDno7p4FSwN5izjwB+Pd4X6P171iioylT0xABQsJROpiS6hQ+w3g
 GYLJFElJsvE27OrA3gu+bQQXSCxB6B0=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; bh=ptudnDfpAcJFisMawnCS7xWEeaTyfJ89SkuYX3Hvo
 r8=; b=syzeq0SiUTcUbUqd/bBay4OC4lP043PLnQDI4pFnCF5X9an9OyigstCcx
 EJ0RcZJSc9VYwXUeLZTAY9ZjdBoHlFwBzDWOA0O6LTKhbrszfWdqgegXS7dbVqbf
 n1nK0w/NmOtCmy5CokCo2pHeX6j8gzG0kTTF3JqTCm7KJjTTY7bJ76D8G7wlHMeA
 bedowfVJ7MrcwFKyZ1fPa5j7RuXOx6MIFHRYXGAErVwNS6WqqWoFCEVZaG1pgZjp
 Ww+LC8NHLvyTHVqI+6g9FJRnT5yd3LniPSvJMJvJy9/n/bePEuDawRjETDVJf6IE
 mxyuG8JRSc3z12sYawXYjyz3h0bYw==
X-ME-Sender: <xms:jxWHYAXoRF7muAo_lylM3IiZ_4206fNcaQeG5B2r0O_z9PIPTXS-mg>
 <xme:jxWHYElkXY7s1P2ibSQSYr8EVOpERRkVnseVLaL8VQvvCo_TNks-yIUU-3_9r5HxR
 KfipsZJp1bQZBbARg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdduledgtdegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggugfgjsehtke
 ertddttddunecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeegieelteeuuedujeehfefhtddugf
 effeehuedtueevfefhhffffffgveeileduhfenucffohhmrghinhepghhnuhdrohhrghen
 ucfkphepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptdenuc
 frrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:jxWHYEahiT4BLNcpMM6b0ZaIts-utTKr11s1dUJxqrXrNAKTk3l9Pg>
 <xmx:jxWHYPX66exI74FW-_a9FxZWlB8tktRX5OVTclF0pVN-0WT-9kHzYQ>
 <xmx:jxWHYKm8NyP7HLZmQEqX0yJpsU0F7y2PDUzlHmL4Z--qL6FgCgpFqQ>
 <xmx:jxWHYER3pKAuYo7FXf_RstTK7cPRvooMMvj1VjmJ3a54YeeLmxwvtQ>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA;
 Mon, 26 Apr 2021 15:33:35 -0400 (EDT)
Date: Mon, 26 Apr 2021 15:33:33 -0400
From: Leo Famulari <leo@famulari.name>
To: Nicolò Balzarotti <anothersms@gmail.com>
Subject: Re: bug#48039: xorg-server might be vulnerable to CVE-2021-3472
Message-ID: <YIcVjQ/oLozIA8Ki@jasmine.lan>
References: <878s55rm9c.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
 <YIb53KSJPfQf5mn6@jasmine.lan>
 <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <8735vcsxxt.fsf@guixSD.i-did-not-set--mail-host-address--so-tickle-me>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 48039
Cc: 48039@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Mon, Apr 26, 2021 at 08:27:58PM +0200, Nicolò Balzarotti wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Mon, Apr 26, 2021 at 07:25:35PM +0200, Nicolò Balzarotti wrote:
> >> * gnu/packages/xorg.scm (xorg-server): Update to 1.20.11.
> >
> > Did you see <https://bugs.gnu.org/48001>?
> >
> Ops, sorry for the duplicate, I somehow missed it, I'm closing this

I didn't mean for you to close your message.

We took different approaches to fixing the bug: I applied a patch, and
you updated the package.

The big difference is that your patch doesn't avoid changing the
xorg-server-for-tests package, so it can't be applied to master.

I'm merging the two tickets. I think that updating the package is a
better choice that simply patching it. I'll probably join our two
patches together and push that.

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Tue Mar 11 06:59:55 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#48039 xorg-server might be vulnerable to CVE-2021-3472