Roman Fiedler reported that missing length validation in various
functions provided by libx11, the X11 client-side library, allow
to inject X11 protocol commands on X clients, leading to
authentication bypass, denial of service or potentially the
execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your libx11 packages.