]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c6a8ad4) | patch
xwayland: fix CVE-2022-49737
authorYogita Urade <yogita.urade@windriver.com>
Fri, 21 Mar 2025 12:55:52 +0000 (12:55 +0000)
committerSteve Sakoman <steve@sakoman.com>
Fri, 21 Mar 2025 13:48:11 +0000 (06:48 -0700)
commit740ea9019cf5cf309c5a4ef380eac17d21078ac8
tree35a120cd4d75ca4daccb366f2f88cf74ca6b31a6tree
parentc6a8ad45174a416c4129deb210eab9b7721ce01dcommit | diff
xwayland: fix CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application
uses easystroke for mouse gestures, the main thread modifies various
data structures used by the input thread without acquiring a lock,
aka a race condition. In particular, AttachDevice in dix/devices.c
does not acquire an input lock.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-49737

Upstream patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-graphics/xwayland/xwayland/CVE-2022-49737.patch [new file with mode: 0644] blob
meta/recipes-graphics/xwayland/xwayland_22.1.8.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib