buildroot/package/x11r7/xwayland
Peter Korsgaard b8d9e75eb8 package/xwayland: security bump to version 23.2.4
Fixes the following security issues:

1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.

2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.

3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.

4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.

5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.

6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2024-January/003444.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-26 17:02:21 +01:00
..
Config.in
xwayland.hash package/xwayland: security bump to version 23.2.4 2024-01-26 17:02:21 +01:00
xwayland.mk package/xwayland: security bump to version 23.2.4 2024-01-26 17:02:21 +01:00