Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1950788
Summary: | Include xorg-x11-server-1.20.11 and xorg-x11-server-Xwayland-21.1.1-1.fc34 into Fedora 34 to fix CVE-2021-3472 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | František Zatloukal <fzatlouk> |
Component: | xorg-x11-server | Assignee: | X/OpenGL Maintenance List <xgl-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 34 | CC: | awilliam, bskeggs, caillon+fedoraproject, fzatlouk, jglisse, ofourdan, rhughes, robatino, rstrode, sandmann, xgl-maint |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | AcceptedBlocker | ||
Fixed In Version: | xorg-x11-server-1.20.11-1.fc34 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-20 01:34:39 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1829024 |
Description
František Zatloukal
2021-04-18 18:37:35 UTC
Proposed as a Blocker and Freeze Exception for 34-final by Fedora user frantisekz using the blocker tracking app because: The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale which cannot be satisfactorily resolved by a package update (e.g. issues during installation). The X11 session may get used in special scenarios that are release blocking (eg. the basic video option) or some hardware that is blacklisted to be used on Wayland. I am proposing this both as a Blocker and as an FE in case we decide that the CVE doesn't meet the blocking criteria. +3 in https://pagure.io/fedora-qa/blocker-review/issue/359 , marking accepted. Well, this should also apply to xorg-x11-server-Xwayland-21.1.1-1 then, shouldn't it? the CVE only mentions xorg-x11-server, but if the same issue affects xorg-x11-server-Xwayland, then yes, we can count it as covering both. Dropping FE proposal as bug is accepted as a blocker. FEDORA-2021-112d542766 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-112d542766 FEDORA-2021-0e2981e013 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-0e2981e013 FEDORA-2021-0e2981e013 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-112d542766 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. |