[Buildroot] [PATCH 1/1] package/x11r7/xserver_xorg-server: add security fix for CVE-2020-14347
Peter Korsgaard
peter at korsgaard.com
Fri Aug 28 18:48:27 UTC 2020
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Am Tue, 11 Aug 2020 23:49:06 +0200 schrieb Thomas Petazzoni via buildroot:
>> This raises a question: what about the older X.org server releases?
>> According to the NIST CVE entry, all versions prior to 1.20.9 are
>> affected, so should the patch be backported to the other X.org server
>> versions we support ?
> Hi Thomas,
> the bump to 1.20.9 fixed four CVEs in total which makes backporting
> upstream patches more complicated as time passes by and new issues arise,
> upstream does not update the older branches anymore:
> https://cgit.freedesktop.org/xorg/xserver/
> Due to the fact that personally I have no use for the older X.org server
> versions I would like to raise the question whether we can remove them?
> From my POV these older versions are unmaintained in buildroot because I
> want to concentrate on the current release which is the one I am using.
They were added to support various binary X11 video drivers,
E.G. nvidia-tegra23 for 1.14.x and amd-catalyst for 1.19.x. Given that
none of them have seen any real updates for ~5 years, I am fine with
removing those packages and the older xserver versions.
Care to send patches for this?
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list