xorg-server (2:21.1.16-1) [PTS] [DDPO]

COMMITS: VCS has seen 1 commit since the xorg-server-2_21.1.16-1 tag

Git: https://salsa.debian.org/xorg-team/xserver/xorg-server.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian-unstable
Path: debian/changelog
Repo size: 29409280
Browser: https://salsa.debian.org/xorg-team/xserver/xorg-server
Last scan: 2025-03-27 06:10:12+00
Next scan: 2025-04-03 01:41:00+00
Merge requests: 1
CI pipeline status: success

Debian changelog in Git:

xorg-server (2:21.1.16-1) unstable; urgency=medium

  * New upstream release. Fixes:
    - CVE-2025-26594: use-after-free of the root cursor
    - CVE-2025-26595: buffer overflow in XkbVModMaskText
    - CVE-2025-26596: heap overflow in XkbWriteKeySyms
    - CVE-2025-26597: buffer overflow in XkbChangeTypesOfKey
    - CVE-2025-26598: out-of-bounds write in CreatePointerBarrierClient
    - CVE-2025-26599: use of uninitialized pointer in compRedirectWindow
    - CVE-2025-26600: use-after-free in PlayReleasedEvents
    - CVE-2025-26601: use-after-free in SyncInitTrigger
    (Closes: #1098906).
  * debian/patches/03_autotools-enable-static-use-of-Nettle-for-SHA1.diff,
    debian/patches/xfree86-fbdevhw-fix-pci-detection-on-recent-Linux.patch:
    - Dropped, included upstream.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Wed, 26 Feb 2025 10:22:45 +0100

This branch is 1 commit ahead of tag xorg-server-2_21.1.16-1

Git log:

commit 34254bf500874a23cedfac8ef5f94612b735a99f
Author: NoisyCoil <noisycoil@tutanota.com>
Date:   Wed Mar 26 23:41:43 2025 +0100

    Drop apple silicon patch, merged upstream