Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#35513 - [xorg] Dozens of vulnerability fixes for Xorg libraries

Attached to Project: Arch Linux
Opened by Andreas (misc) - Monday, 27 May 2013, 23:59 GMT
Last edited by Andreas Radke (AndyRTR) - Thursday, 30 May 2013, 14:42 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Andreas Radke (AndyRTR)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Over the last week Alan Coopersmith pushed dozens of vulnerability fixes for numerous Xorg libraries, none of which so far received a new release. Check their respective git pages for more.

http://cgit.freedesktop.org/xorg/?s=idle

For instance:
CVE-2013-2064 in libxcb: http://cgit.freedesktop.org/xcb/libxcb/
CVE-2013-1999 & CVE-2013-1990 in libXvMC http://cgit.freedesktop.org/xorg/lib/libXvMC/
CVE-2013-1995 & CVE-2013-1984 in libXi http://cgit.freedesktop.org/xorg/lib/libXi/
CVE-2013-1988 in libXRes http://cgit.freedesktop.org/xorg/lib/libXRes/

etc. etc.
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Thursday, 30 May 2013, 14:42 GMT
Reason for closing:  Deferred
Additional comments about closing:  Upstream release tarballs are coming in over these days.
Comment by Andreas Radke (AndyRTR) - Tuesday, 28 May 2013, 15:07 GMT
New releases are planned very soon. I don't want to patch all packages before these releases. Some patches seem to have unwanted side effects.

Loading...