xorg-x11-server-1.20.10 which is currently in F34 stable repository has an unfixed security issue of high impact [0] that is fixed in xorg-x11-server-1.20.11 which already went stable on F33. We might want to release F34 with this fixed. [0] https://access.redhat.com/security/cve/cve-2021-3472
Proposed as a Blocker and Freeze Exception for 34-final by Fedora user frantisekz using the blocker tracking app because: The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale which cannot be satisfactorily resolved by a package update (e.g. issues during installation). The X11 session may get used in special scenarios that are release blocking (eg. the basic video option) or some hardware that is blacklisted to be used on Wayland. I am proposing this both as a Blocker and as an FE in case we decide that the CVE doesn't meet the blocking criteria.
+3 in https://pagure.io/fedora-qa/blocker-review/issue/359 , marking accepted.
Well, this should also apply to xorg-x11-server-Xwayland-21.1.1-1 then, shouldn't it?
the CVE only mentions xorg-x11-server, but if the same issue affects xorg-x11-server-Xwayland, then yes, we can count it as covering both.
Dropping FE proposal as bug is accepted as a blocker.
FEDORA-2021-112d542766 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-112d542766
FEDORA-2021-0e2981e013 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-0e2981e013
FEDORA-2021-0e2981e013 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-112d542766 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.