maintainer-feedback requested: [Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Nov 2025 14:25:15 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 (Nobody)
<x11@FreeBSD.org> for maintainer-feedback:
Bug 291134: x11-servers/xwayland: update to 24.1.9 to fix CVEs
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291134



--- Description ---
xwayland is currently vulnerable to:

CVE-2025-62229 - Use after free within xorg server
CVE-2025-62230 - Use after free within xorg server keyboard extension
CVE-2025-62231 - Overflow leading to memory corruption within xorg server
keyboard extension

These have been published on vuxml at the beginning of the month:
https://www.vuxml.org/freebsd/e99a32c8-b8e2-11f0-8510-b42e991fc52e.html