-
Tue May 05 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-7.3
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
Resolves: RHEL-159860
-
Tue Apr 28 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-7.2
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482
Resolves: RHEL-161519, RHEL-161085, RHEL-168463
-
Tue Apr 14 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-7.1
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
Resolves: RHEL-163097, RHEL-163113
-
Tue Mar 31 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-7
- Fix use of nsc_process_message
Resolves: RHEL-155994
-
Fri Mar 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-6
- Backport several CVE fixes
Resolves: RHEL-148052, RHEL-148053, RHEL-148056, RHEL-148075, RHEL-148081
Resolves: RHEL-148098, RHEL-148105, RHEL-148106, RHEL-148941, RHEL-149032
Resolves: RHEL-149043, RHEL-149066, RHEL-155994
-
Wed Mar 25 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-5
- Backport several CVE fixes
Resolves: RHEL-151989, RHEL-152216
-
Tue Feb 17 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-4
- Backport several CVE fixes
Resolves: RHEL-148849, RHEL-148891, RHEL-149030
-
Tue Jan 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-3
- Backport several CVE fixes
Resolves: RHEL-142427, RHEL-142411, RHEL-142395, RHEL-142379, RHEL-142363
Resolves: RHEL-142348, RHEL-142332
-
Fri Jan 16 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-2
- Try next DNS entry on connect failure
Resolves: RHEL-113722
-
Thu May 09 2024 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-1
- Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658,
CVE-2024-32659, CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)