Summary: | x11-base/xorg-x11: More XPM issues (CAN-2005-0605) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | mgorny, wolf31o2, x11 | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | https://bugs.freedesktop.org/show_bug.cgi?id=1920 | ||||||
Whiteboard: | A2 [glsa] jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-02-28 13:16:29 UTC
Created attachment 52321 [details, diff]
xpm-sec10.diff
Yeah, I know. =\ Have you checked whether that patch applies cleanly to our stuff? No, I haven't checked and don't think koon has either. Patch applies cleanly to 6.8.0 with : $ cd xc/extras/Xpm/lib/ $ patch -p0 < ~/xpm-sec10.diff patching file scan.c patching file create.c Donnie: what's your timeframe on this ? I would like to know if I let the OpenMotif/LessTif advisories out or (if you're close) wait for Xorg to be ready and issue one for all... I can do it this weekend, hopefully tomorrow sometime, but not today. 6.8.0-r5 and 6.8.2-r1 are in portage with the fix. Arches that need to stable 6.8.2-r1: ppc ppc64 Arches that need to stable 6.8.0-r5 or (at their option) 6.8.2-r1 instead: everyone else -- x86 sparc alpha amd64 hppa arm mips ia64 The 6.7.0 series is not going to be fixed and will be pulled from portage, as will 6.8.0-r{3,4}, once the above is stable. Arches, please mark stable, following comment #7 6.8.2-r1 is stable on ppc. stable on ppc64 Stable on amd64. Stable on alpha. mips good x86, sparc, amd64 please mark stable. woops, sorry kugelfang. 6.8.2-r1 is stable for sparc. Stabled 6.8.0-r5 on x86. GLSA 200503-15 arm/hppa/ia64, please mark stable to benefit from GLSA. Already stable on hppa |