Hello:

On 21 Dec 2023 at 10:32, Daniel Abrecht via Dng wrote:

> ... because I worry that the abandoned Xorg ...
Xorg is by no means abandoned.
Where did you get that idea from?

Patches and security advisor bulletins are constantly issued.

The latest one was last week:

=============================================
X.Org Security Advisory: December 13, 2023

Issues in X.Org X server prior to 21.1.10 and Xwayland prior to
23.2.3
=============================================

Multiple issues have been found in the X server and Xwayland
implementations published by X.Org for which we are releasing
security fixes for in xorg-server-21.1.10 and xwayland-23.2.3.

1) CVE-2023-6377 can be triggered by forcing a logical device change
on a device with buttons which will result in an out-of-bounds memory
write.

2) CVE-2023-6478 can be triggered by sending a specially crafted
request RRChangeProviderProperty or RRChangeOutputProperty. This will
trigger an integer overflow and lead to disclosure of information.

See:

https://www.x.org/wiki
https://gitlab.freedesktop.org/xorg

Best,

S.