Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#38401 - [xorg-server] security patch for CVE-2013-6424

Attached to Project: Arch Linux
Opened by RbN (RbN) - Monday, 06 January 2014, 21:06 GMT
Last edited by Laurent Carlier (lordheavy) - Monday, 06 January 2014, 22:41 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Laurent Carlier (lordheavy)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Description (from redhat Bugzilla [0]):
"An integer underflow flaw was found in the X.Org server when handling trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server."

CVE attribution [1]

This bug affects both 1.14 and 1.15 (currently in testing).
The related bug in pixman (aka CVE-2013-6425) is already corrected in archlinux repositories ;)

Resolution :
upstream patch [2]

This task depends upon

Closed by  Laurent Carlier (lordheavy)
Monday, 06 January 2014, 22:41 GMT
Reason for closing:  Fixed
Additional comments about closing:  xorg-server 1.15.0-4
xorg-server 1.14.5-2