Package: release.debian.org Severity: normal X-Debbugs-Cc: [email protected], Debian X Strike Force <[email protected]>, Emilio Pozuelo Monfort <[email protected]>, Timo Aaltonen <[email protected]>, Julien Cristau <[email protected]>, [email protected], [email protected], [email protected] Control: affects -1 + src:xorg-server User: [email protected] Usertags: unblock
Control: tags -1 + d-i Hi, Please unblock package xorg-server [ Reason ] xorg-server is prone to several CVEs as published today in https://lists.freedesktop.org/archives/xorg-announce/2025-June/003608.html, more precisely CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178, CVE-2025-49179 and CVE-2025-49180. [ Impact ] Version in trixie remains (for now vulnerable o those CVEs). A DSA for bookworm is planned after bit of exposure in unstable. [ Tests ] None concretely for the CVEs, basic functional tests. [ Risks ] Patches come from upstream, in past we had some fallouts. OTOH we got validated patches from upstream which got applied. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock xorg-server/2:21.1.16-1.2 Regards, Salvatore
