diff options
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc')
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index b4f0760176..c891211c40 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -18,7 +18,15 @@ INC_PR = "r8" XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" -CVE_PRODUCT = "xorg-server" +CVE_PRODUCT = "xorg-server x_server" +# This is specific to Debian's xserver-wrapper.c +CVE_CHECK_WHITELIST += "CVE-2011-4613" +# As per upstream, exploiting this flaw is non-trivial and it requires exact +# timing on the behalf of the attacker. Many graphical applications exit if their +# connection to the X server is lost, so a typical desktop session is either +# impossible or difficult to exploit. There is currently no upstream patch +# available for this flaw. +CVE_CHECK_WHITELIST += "CVE-2020-25697" S = "${WORKDIR}/${XORG_PN}-${PV}" |