Status
Impact
xorg-server versions <= 21.1.16 are vulnerable and we build directly from upstream. Patches have been merged upstream but no 21.1.17 release yet - see https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0. We need to wait until a 21.1.17 release is made or at the very least until there is a tested release candidate branch with the commit present.
Status