FS#2709 : [SEC] xorg-server + libxfont

Please read the http://frugalware.org/docs/bugs page if you are new to bugreporting!

FS#2709 - [SEC] xorg-server + libxfont

Attached to Project: Frugalware
Opened by crazy (bugs) - Saturday, 19 January 2008, 09:46 GMT+2
Last edited by Miklos Vajna (vmiklos) - Friday, 14 March 2008, 23:03 GMT+2

Task Type	Bug Report
Category	X Window System
Status	Closed
Assigned To	No-one
Operating System	x86_64 / i686
Severity	Medium
Priority	High
Reported Version	-current
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

WARNING! Please no one pushes this to stable yet :

* CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows

this one breaks more as it fixes , see :

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/183969

http://secunia.com/advisories/28532/

This task depends upon

Closed by Miklos Vajna (vmiklos)
Friday, 14 March 2008, 23:03 GMT+2
Reason for closing: Fixed
Additional comments about closing: Kalgan is out

Comments (8)
Related Tasks (0/0)

Comment by crazy (bugs) - Saturday, 19 January 2008, 11:15 GMT+2

Ok there is the fix for CVE-2007-6429

http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e9fa7c1c88a8130a48f772c92b186b8b777986b5;hp=23f3f0e27dc90b7b3a375f2a5dd094e6f53552b5

I will test in xorg73 first.

Comment by crazy (bugs) - Saturday, 19 January 2008, 12:00 GMT+2

fixed in xorg73 repo ( will update the status to 'Fixed in current after the repo is merged' )

http://frugalware.org/pipermail/frugalware-git/2008-January/007387.html
http://frugalware.org/pipermail/frugalware-git/2008-January/007385.html
http://frugalware.org/pipermail/frugalware-git/2008-January/007389.html

Comment by crazy (bugs) - Monday, 21 January 2008, 19:31 GMT+2

heh still not fully fixed .. an fix for the second fix was commit some hours ago ..

http://cgit.freedesktop.org/xorg/xserver/commit/?id=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161

we should wait some more days for stable with that.

I'll fix for current later on

Comment by crazy (bugs) - Tuesday, 22 January 2008, 22:33 GMT+2

Patches needed for stable :

libxfont first :
ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-libXfont-1.2.7-pcf-parser.diff

xorg-server:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff + http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161;hp=94a21d757ce58254accbd5dd3a86810aadeec9f0

I also suggest putting this fix for CVE-2007-3069 as well , was forgotten :
http://lists.freedesktop.org/archives/xorg/2008-January/032129.html

In meantime xorg-server for current compiles , I'll update the status in a bit.

Comment by crazy (bugs) - Tuesday, 22 January 2008, 23:04 GMT+2

xorg-server-1.4.0.90-4 uploaded to current

http://frugalware.org/pipermail/frugalware-git/2008-January/007551.html

Comment by András Vöröskői (voroskoi) - Wednesday, 23 January 2008, 20:29 GMT+2

Field changed: Summary ([SEC] xorg-server → [SEC] xorg-server + libxfont)
Field changed: Operating System (i686 → x86_64 / i686)
Assignment removed

libxfont-1.2.7-3sayshell1-i686 upped

Comment by Miklos Vajna (vmiklos) - Saturday, 08 March 2008, 20:44 GMT+2

Field changed: Status (Fixed in -current → Waiting for syncpkgd)

your forgot to change status :)

Comment by Miklos Vajna (vmiklos) - Sunday, 09 March 2008, 00:56 GMT+2

Field changed: Status (Waiting for syncpkgd → Fixed in -current)

hm no i was wrong, the xorg-server commit is not yet in -stable

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Frugalware

FS#2709 - [SEC] xorg-server + libxfont

Details

Loading...