Changelog
xorg-server (2:21.1.7-3+deb12u5) bookworm-security; urgency=high
* Non-maintainer upload by the Security Team.
* Xi: require a pointer and keyboard device for XIAttachToMaster
* dix: allocate enough space for logical button maps (CVE-2023-6816)
* dix: Allocate sufficient xEvents for our DeviceStateNotify (CVE-2024-0229)
* dix: fix DeviceStateNotify event calculation (CVE-2024-0229)
* Xi: when creating a new ButtonClass, set the number of buttons
(CVE-2024-0229)
* Xi: flush hierarchy events after adding/removing master devices
(CVE-2024-21885)
* Xi: do not keep linked list pointer during recursion (CVE-2024-21886)
* dix: when disabling a master, float disabled slaved devices too
(CVE-2024-21886)
* ephyr,xwayland: Use the proper private key for cursor
* glx: Call XACE hooks on the GLX buffer
* dix: Fix use after free in input device shutdown
-- Salvatore Bonaccorso <email address hidden> Mon, 22 Jan 2024 07:19:15 +0100