Bug 189696 - x11-base/xorg-server xserver not patched by GLSA-200705-10
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: jaervosz
Reported: 2007-08-21 12:19 UTC by Seth Hanford
Modified: 2007-10-15 05:13 UTC
Description Seth Hanford 2007-08-21 12:19:51 UTC
Looking at GLSA-200705-10, it does not appear that CVE-2007-1003 is fixed.

Specifically, the bug report:
http://bugs.gentoo.org/show_bug.cgi?id=172575

initially mentions that the issue is about CVE-2007-1351 and -1352, which are in libxfont and tightvnc (BDF parsing). However, a patch is attached to the bug report and tested for XC Misc (CVE-2007-1003). My concern is that the resulting GLSA only prompts users to emerge libxfont and tightvnc, and NOT the xorg server.

It seems that the appropriate patch is available, but that users may not have been prompted to update for it. Looking at the list of subsequent GLSAs, it does not seem that there are any later xorg issues to date, and therefore xorg installations may remain unpatched to this issue.

Would you please update the advisory to alert users to upgrade their xorg installs?
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-21 20:40:40 UTC
x11 please advise. 
Comment 2 Donnie Berkholz (RETIRED) gentoo-dev 2007-08-21 21:27:39 UTC
I agree with the reporter -- the GLSA omitted the information about xorg-server.

Safe versions: all currently in the tree.

Safe: 1.1.1-r5, >=1.2.0-r3
Unsafe: 1.2.0 earlier than -r3, <1.1.1-r5
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-15 05:13:53 UTC
I think we can close this one now since we have GLSA-200710-16 anyway...