On 4/14/26 06:47, Olivier Fourdan wrote:
======================================================================
X.Org Security Advisory: April 14, 2026
Issues in X.Org X server prior to 21.1.22 and Xwayland prior to 24.1.10
======================================================================
Multiple issues have been found in the X server and Xwayland implementations
published by X.Org for which we are releasing security fixes for in
xorg-server-21.1.22 and xwayland-24.1.10.
Note that the releases include additional fixes that don't have CVEs assigned,
including hardening changes & fixing issues found by gcc's -fanalyzer, and
adds a SECURITY.md file covering X.Org's security reporting & announcement
processes, and the security model we use to evaluate reported issues,
so those concerned about security are recommended to adopt the entire
release, not just apply the patches for the CVEs.
https://gitlab.freedesktop.org/xorg/xserver/-/commits/xwayland-24.1
https://gitlab.freedesktop.org/xorg/xserver/-/commits/server-21.1-branch
--
-Alan Coopersmith- [email protected]
X.Org Security Response Team - [email protected]
