According to dbkerkholz, "the mit-shm patch only does the security test on pixmaps of a certain bit depth rather than all of them"
This means CVE-2007-6429 is incompletely fixed in bug 204362. http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161
There is also a better fix for CVE-2007-3920, "Don't break grab and focus state for a window when redirecting it." -- The fix we had in bug 196878 is "a huge hack" to quote donnie again ;-)
[20:42] <dberkholz> i can get ebuilds underway later this afternoon
I'm going to go ahead and add release@ so I can track this one.
Donnie has just bumped the version in the tree.
<CIA-3> dberkholz * gentoo-x86/x11-base/xorg-server/ (5 files in 2 dirs):
New ebuilds in the tree -- xorg-server-18.104.22.168-r5 and xorg-server-22.214.171.124-r3. 126.96.36.199-r5 is the stable target.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 release sh sparc x86"
Stable for HPPA.
I can't believe amd64 didn't do this one yet...
Marked stable on amd64.
I would handle this as an erratum to the previous GLSA, no?
Sure I wasn' thinking straight. Could someone with ssh access to finch delete the draft I made?
This bug was fixed in release snapshot.
no stable for mips.
errata sent, thanks.