Overview

File _patchinfo of Package patchinfo.37656

<patchinfo incident="37656">
  <issue tracker="cve" id="2025-26596"/>
  <issue tracker="cve" id="2025-26598"/>
  <issue tracker="cve" id="2025-26601"/>
  <issue tracker="cve" id="2025-26597"/>
  <issue tracker="cve" id="2025-26595"/>
  <issue tracker="cve" id="2025-26600"/>
  <issue tracker="cve" id="2025-26594"/>
  <issue tracker="cve" id="2025-26599"/>
  <issue tracker="bnc" id="1237431">VUL-0: EMBARGOED: CVE-2025-26597: xorg-x11-server,xwayland,libX11: Buffer overflow in XkbChangeTypesOfKey()</issue>
  <issue tracker="bnc" id="1237430">VUL-0: EMBARGOED: CVE-2025-26596: xorg-x11-server,xwayland: Heap overflow in XkbWriteKeySyms()</issue>
  <issue tracker="bnc" id="1237427">VUL-0: EMBARGOED: CVE-2025-26594: xorg-x11-server,xwayland: Use-after-free of the root cursor</issue>
  <issue tracker="bnc" id="1237435">VUL-0: EMBARGOED: CVE-2025-26601: xorg-x11-server,xwayland: Use-after-free in SyncInitTrigger()</issue>
  <issue tracker="bnc" id="1237432">VUL-0: EMBARGOED: CVE-2025-26598: xorg-x11-server,xwayland: Out-of-bounds write in CreatePointerBarrierClient()</issue>
  <issue tracker="bnc" id="1237433">VUL-0: EMBARGOED: CVE-2025-26599: xorg-x11-server,xwayland: Use of uninitialized pointer in compRedirectWindow()</issue>
  <issue tracker="bnc" id="1237434">VUL-0: EMBARGOED: CVE-2025-26600: xorg-x11-server,xwayland: Use-after-free in PlayReleasedEvents()</issue>
  <issue tracker="bnc" id="1237429">VUL-0: EMBARGOED: CVE-2025-26595: xorg-x11-server,xwayland,libxkbfile: Buffer overflow in XkbVModMaskText()</issue>
  <packager>sndirsch</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xwayland</summary>
  <description>This update for xwayland fixes the following issues:

- CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).
- CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).
- CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).
- CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).
- CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432).
- CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433).
- CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).
- CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places