[Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs

Reply: bugzilla-noreply_a_freebsd.org: "maintainer-feedback requested: [Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 291134] x11-servers/xwayland: update to 24.1.9 to fix CVEs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Nov 2025 14:25:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291134

            Bug ID: 291134
           Summary: x11-servers/xwayland: update to 24.1.9 to fix CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: x11@FreeBSD.org
          Reporter: polarian@polarian.dev
          Assignee: x11@FreeBSD.org
             Flags: maintainer-feedback?(x11@FreeBSD.org)

xwayland is currently vulnerable to:

CVE-2025-62229 - Use after free within xorg server
CVE-2025-62230 - Use after free within xorg server keyboard extension
CVE-2025-62231 - Overflow leading to memory corruption within xorg server
keyboard extension

These have been published on vuxml at the beginning of the month:
https://www.vuxml.org/freebsd/e99a32c8-b8e2-11f0-8510-b42e991fc52e.html

-- 
You are receiving this mail because:
You are the assignee for the bug.