From mboxrd@z Thu Jan 1 00:00:00 1970
From: Bernd Kuhls
Date: Fri, 28 Aug 2020 19:03:20 +0200
Subject: [Buildroot] [PATCH 1/1] package/x11r7/xserver_xorg-server: add security fix for CVE-2020-14347
References: <20200810064109.447089-1-bernd.kuhls@t-online.de> <20200811234906.051e8caa@windsurf.home>
Message-ID:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: buildroot@busybox.net

On Tue, 11 Aug 2020 23:49:06 +0200, Thomas Petazzoni via buildroot wrote:

> This raises a question: what about the older X.org server releases?
> According to the NIST CVE entry, all versions prior to 1.20.9 are
> affected, so should the patch be backported to the other X.org server
> versions we support?

Hi Thomas,

the bump to 1.20.9 fixed four CVEs in total, which makes backporting
upstream patches more complicated as time passes by and new issues arise;
upstream does not update the older branches anymore:
https://cgit.freedesktop.org/xorg/xserver/

Due to the fact that personally I have no use for the older X.org server
versions, I would like to raise the question whether we can remove them?
From my POV these older versions are unmaintained in buildroot because I
want to concentrate on the current release, which is the one I am using.

Regards, Bernd