0009142: [r9] Upgrade libX11 to 1.7.1 to fix CVE-2021-31535

ID	Project	Category	View Status	Date Submitted	Last Update

0009142	Rocky-Linux-9	libX11	public	2025-04-10 07:09	2025-04-10 07:47

Reporter	Xing Guo	Assigned To
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open
Platform	RockyLinux	OS	RockyLinux9	OS Version	RockyLinux9

Summary	0009142: [r9] Upgrade libX11 to 1.7.1 to fix CVE-2021-31535
Description	libX11 for RockyLinux8 contains a security fix for CVE-2021-31535 whlie RockyLinux9 not. https://git.rockylinux.org/staging/rpms/libX11/-/blob/r8/SOURCES/CVE-2021-31535.patch Currently, RockyLinux9 is using libX11-1.7.0, the security fix is available in libX11-1.7.1. Can we upgrade libX11 to 1.7.1 on RockyLinux9?
Tags	No tags attached.

Date Modified	Username	Field	Change
2025-04-10 07:09	Xing Guo	New Issue
2025-04-10 07:47	Brian Clemens	Note Added: 0009788

Brian Clemens 2025-04-10 07:47 QA ~0009788	Hmm. Red Hat listed it as a "Will Not Fix" for 9: https://access.redhat.com/security/cve/cve-2021-31535. The Bugzilla entry doesn't explain the logic behind this but I suspect it might have something to do with Wayland being the default session in 9. As upstream doesn't intend to patch it, this would have to be an enhancement from SIG/Security.