We are in the midst of doing an updated 6.3 spin for our customers, and the bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the ABI change on the driver side is causing heartburn for some.

 

We’ve been going around and around about whether to do this inclusion, and I’m just realizing that I can’t find either the errata announcement or any documentation from anyone on fixed CVEs driving inclusion in the updates/security repo.

 

Am I blind? Would appreciate a pointer or rationale about how this got into security, rather than fastbugs.

 

I know I’m missing something…

 

Thanks.