Source: xorg-server Version: 2:21.1.11-1 Severity: important Tags: upstream X-Debbugs-Cc: car...@debian.org, jcris...@debian.org, a...@debian.org, t...@security.debian.org
While preparing the update for xorg-server for bookworm an autopkgtest regression in uqm was seen. The same is shown with the 2:21.1.11-1 upload to unstable: https://ci.debian.net/packages/u/uqm/testing/amd64/41866714/ Julien Cristau was able to reproduce the leak independly from uqm: Xvfb :10 & sleep 2; DISPLAY=:10 xdpyinfo >/dev/null resulting in 1 XSELINUXs still allocated at reset SCREEN: 0 objects of 304 bytes = 0 total bytes 0 private allocs DEVICE: 0 objects of 88 bytes = 0 total bytes 0 private allocs CLIENT: 0 objects of 144 bytes = 0 total bytes 0 private allocs WINDOW: 0 objects of 48 bytes = 0 total bytes 0 private allocs PIXMAP: 0 objects of 16 bytes = 0 total bytes 0 private allocs GC: 0 objects of 16 bytes = 0 total bytes 0 private allocs CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs TOTAL: 1 objects, 8 bytes, 0 allocs 1 CURSORs still allocated at reset CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs TOTAL: 1 objects, 8 bytes, 0 allocs 1 CURSOR_BITSs still allocated at reset TOTAL: 0 objects, 0 bytes, 0 allocs As per upstream commit bisection it seems that the first bad commit is https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 which is related for the CVE-2024-21886 fix. Regards, Salvatore