From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 9 May 2026 22:45:36 +0000 (+0200)
Subject: xserver-xorg: set status for CVE-2026-34000 and CVE-2026-34002
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e8cef838ebd40aedcbefecc1b1955c48f4fff39f;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

xserver-xorg: set status for CVE-2026-34000 and CVE-2026-34002

These are version-less RedHat CVEs.

[1] points to [2].
This was backported as [3 ]in v22.1.22.

[4] points to [5].
This was backported as [6] in v22.1.22.

[1] https://security-tracker.debian.org/tracker/CVE-2026-34000
[2] https://gitlab.freedesktop.org/xorg/xserver/-/commit/81b6a34f90b28c32ad499a78a4f391b7c06daea2
[3] https://gitlab.freedesktop.org/xorg/xserver/-/commit/a48d67f38753de551cd177e471b545bd8b9b1b64
[4] https://security-tracker.debian.org/tracker/CVE-2026-34002
[5] https://gitlab.freedesktop.org/xorg/xserver/-/commit/f056ce1cc96ed9261052c31524162c78e458f98c
[6] https://gitlab.freedesktop.org/xorg/xserver/-/commit/5328a544ba6c32ecdd1758283ee69058dec100f8

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 0d8d782712..f720c9cef4 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -29,6 +29,8 @@ connection to the X server is lost, so a typical desktop session is either \
 impossible or difficult to exploit. There is currently no upstream patch \
 available for this flaw."
 CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port"
+CVE_STATUS[CVE-2026-34000] = "fixed-version: fixed since v21.1.22"
+CVE_STATUS[CVE-2026-34002] = "fixed-version: fixed since v21.1.22"
 
 S = "${UNPACKDIR}/${XORG_PN}-${PV}"