[Buildroot] [PATCH 1/1] package/x11r7/xserver_xorg-server: add security fix for CVE-2020-14347
Bernd Kuhls
bernd.kuhls at t-online.de
Fri Aug 28 17:03:20 UTC 2020
Am Tue, 11 Aug 2020 23:49:06 +0200 schrieb Thomas Petazzoni via buildroot:
> This raises a question: what about the older X.org server releases?
> According to the NIST CVE entry, all versions prior to 1.20.9 are
> affected, so should the patch be backported to the other X.org server
> versions we support ?
Hi Thomas,
the bump to 1.20.9 fixed four CVEs in total which makes backporting
upstream patches more complicated as time passes by and new issues arise,
upstream does not update the older branches anymore:
https://cgit.freedesktop.org/xorg/xserver/
Due to the fact that personally I have no use for the older X.org server
versions I would like to raise the question whether we can remove them?
>From my POV these older versions are unmaintained in buildroot because I
want to concentrate on the current release which is the one I am using.
Regards, Bernd
More information about the buildroot
mailing list