-
Tue May 05 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-9
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
Resolves: RHEL-159850
-
Tue Apr 28 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-8
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
Resolves: RHEL-159806, RHEL-155468, RHEL-161037, RHEL-161472
Resolves: RHEL-161508, RHEL-161075, RHEL-167794
-
Fri Apr 10 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-7
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
Resolves: RHEL-162949, RHEL-162965
-
Tue Mar 31 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-6
- Fix use of nsc_process_message
Resolves: RHEL-155984
-
Fri Mar 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-5
- Backport several CVE fixes
Resolves: RHEL-147954, RHEL-147955, RHEL-147970, RHEL-147977, RHEL-147980
Resolves: RHEL-148002, RHEL-148014, RHEL-148031, RHEL-148906, RHEL-148996
Resolves: RHEL-149007, RHEL-149056, RHEL-155984
-
Wed Mar 25 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-4
- Backport several CVE fixes
Resolves: RHEL-151979, RHEL-152206
-
Tue Feb 17 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-3
- Backport several CVE fixes
Resolves: RHEL-148825, RHEL-148865, RHEL-148982
-
Tue Jan 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-2
- Backport several CVE fixes
Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353
Resolves: RHEL-142337, RHEL-142321
-
Tue Oct 01 2024 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-1
- Update to 2.11.7 (RHEL-53081)
-
Tue Dec 13 2022 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-10
- Fix "implicit declaration of function" errors (#2136153, #2145139)