Timo Aaltonen pushed to branch debian-unstable at X Strike Force / wayland / xwayland
Commits: 84145e01 by Timo Aaltonen at 2025-02-28T12:41:45+02:00 Add README.Debian.security to clarify how the security issues are inherited from the shared codebase with xorg-server, and don't actually apply to xwayland. - - - - - 2 changed files: - + debian/README.Debian.security - debian/changelog Changes: ===================================== debian/README.Debian.security ===================================== @@ -0,0 +1,9 @@ +xwayland bundles many components from xorg-server. xorg-server is often affected +by security issues due to it's very old legacy codebase and the fact that the +X server runs under the root user. + +With xwayland the X server running on top of Wayland runs with the +permissions of the current user (which neutralises such security problems). +xorg-server security vulnerabilities in the embedded xorg-server code are +not tracked or updated in Debian (other than xwayland being updated to newer +copies of xorg-server via new upstream releases). ===================================== debian/changelog ===================================== @@ -1,3 +1,11 @@ +xwayland (2:24.1.6-2) UNRELEASED; urgency=medium + + * Add README.Debian.security to clarify how the security issues are + inherited from the shared codebase with xorg-server, and don't + actually apply to xwayland. Thanks, Moritz Muehlenhoff! + + -- Timo Aaltonen <tjaal...@debian.org> Fri, 28 Feb 2025 12:40:26 +0200 + xwayland (2:24.1.6-1) unstable; urgency=medium * New upstream release. Fixes: View it on GitLab: https://salsa.debian.org/xorg-team/wayland/xwayland/-/commit/84145e011fb98fea74878e07335bd22e9bfed531 -- View it on GitLab: https://salsa.debian.org/xorg-team/wayland/xwayland/-/commit/84145e011fb98fea74878e07335bd22e9bfed531 You're receiving this email because of your account on salsa.debian.org.
