Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 471098 - <x11-base/xorg-server-1.14.3-r2 : multiple vulnerabilities (CVE-2013-{1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2062,2063,2064,2066})
Summary: <x11-base/xorg-server-1.14.3-r2 : multiple vulnerabilities (CVE-2013-{1981,19...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A1 [glsa]
Keywords:
Depends on: 471300 474466 475480 488018
Blocks:
  Show dependency tree
 
Reported: 2013-05-23 17:13 UTC by Agostino Sarubbo
Modified: 2014-05-15 12:18 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-05-23 17:13:30 UTC
From ${URL} :

X.Org Security Advisory:  May 23, 2013
Protocol handling issues in X Window System client libraries
============================================================

Description:
============

Ilja van Sprundel, a security researcher with IOActive, has discovered
a large number of issues in the way various X client libraries handle
the responses they receive from servers, and has worked with X.Org's
security team to analyze, confirm, and fix these issues.

Most of these issues stem from the client libraries trusting the server
to send correct protocol data, and not verifying that the values will
not overflow or cause other damage.   Most of the time X clients & servers
are run by the same user, with the server more privileged from the clients,
so this is not a problem, but there are scenarios in which a privileged
client can be connected to an unprivileged server, for instance, connecting
a setuid X client (such as a screen lock program) to a virtual X server
(such as Xvfb or Xephyr) which the user has modified to return invalid
data, potentially allowing the user to escalate their privileges.

The X.Org security team would like to take this opportunity to remind
X client authors that current best practices suggest separating code
that requires privileges from the GUI, to reduce the attack surface of
issues like this.

The vulnerabilities include:

- integer overflows calculating memory needs for replies

     These calls do not check that their calculations for how much memory
     is needed to handle the returned data have not overflowed, so can
     result in allocating too little memory and then writing the returned
     data past the end of the allocated buffer.

     * CVE-2013-1981: libX11 1.5.99.901 (1.6 RC1) and earlier
       Affected functions:  XQueryFont(), _XF86BigfontQueryFont(),
           XListFontsWithInfo(), XGetMotionEvents(), XListHosts(),
           XGetModifierMapping(), XGetPointerMapping(), XGetKeyboardMapping(),
           XGetWindowProperty(), XGetImage()

     * CVE-2013-1982: libXext 1.3.1 and earlier
       Affected functions:  XcupGetReservedColormapEntries(),
           XcupStoreColors(), XdbeGetVisualInfo(), XeviGetVisualInfo(),
           XShapeGetRectangles(), XSyncListSystemCounters()

     * CVE-2013-1983: libXfixes 5.0 and earlier
       Affected functions:  XFixesGetCursorImage()

     * CVE-2013-1984: libXi 1.7.1 and earlier
       Affected functions:  XGetDeviceControl(), XGetFeedbackControl(),
           XGetDeviceDontPropagateList(), XGetDeviceMotionEvents(),
           XIGetProperty(), XIGetSelectedEvents(), XGetDeviceProperties(),
           XListInputDevices()

     * CVE-2013-1985: libXinerama 1.1.2 and earlier
       Affected functions:  XineramaQueryScreens()

     * CVE-2013-2062: libXp 1.0.1 and earlier
       Affected functions:  XpGetAttributes(), XpGetOneAttribute(),
           XpGetPrinterList(), XpQueryScreens()

     * CVE-2013-1986: libXrandr 1.4.0 and earlier
       Affected functions:  XRRQueryOutputProperty(), XRRQueryProviderProperty()
          [XRRQueryProviderProperty() was introduced in libXrandr 1.4.0 and is
           not found in 1.3.2 and older releases.]

     * CVE-2013-1987: libXrender 0.9.7 and earlier
       Affected functions:  XRenderQueryFilters(), XRenderQueryFormats(),
           XRenderQueryPictIndexValues()

     * CVE-2013-1988: libXRes 1.0.6 and earlier
       Affected functions:  XResQueryClients(), XResQueryClientResources()

     * CVE-2013-2063: libXtst 1.2.1 and earlier
       Affected functions:  XRecordGetContext()

     * CVE-2013-1989: libXv 1.0.7 and earlier
       Affected functions:  XvQueryPortAttributes(), XvListImageFormats(),
           XvCreateImage()

     * CVE-2013-1990: libXvMC 1.0.7 and earlier
       Affected functions:  XvMCListSurfaceTypes(), XvMCListSubpictureTypes()

     * CVE-2013-1991: libXxf86dga 1.1.3 and earlier
       Affected functions:  XDGAQueryModes(), XDGASetMode()

     * CVE-2013-1992: libdmx 1.1.2 and earlier
       Affected functions:  DMXGetScreenAttributes(), DMXGetWindowAttributes(),
           DMXGetInputAttributes()

     * CVE-2013-2064: libxcb 1.9 and earlier
       Affected functions:  read_packet()

     * CVE-2013-1993: libGLX in Mesa 9.1.1 and earlier
       Affected functions:  XF86DRIOpenConnection(), XF86DRIGetClientDriverName()

     * CVE-2013-1994: libchromeXvMC & libchromeXvMCPro in openChrome 0.3.2
       and earlier
       Affected functions:  uniDRIOpenConnection(), uniDRIGetClientDriverName()

- sign extension issues calculating memory needs for replies

     These calls do not check that their calculations for how much memory
     is needed to handle the returned data have not had sign extension
     issues when converting smaller integer types to larger ones, leading
     to negative numbers being used in memory size calculations that can
     result in allocating too little memory and then writing the returned
     data past the end of the allocated buffer.

     * CVE-2013-1995: libXi 1.7.1 and earlier
       Affected functions:  XListInputDevices()

     * CVE-2013-1996: libFS 1.0.4 and earlier
       Affected functions:  FSOpenServer()

- buffer overflows due to not validating length or offset values in replies

     These calls do not check that the lengths and/or indexes returned by the
     server are within the bounds specified by the caller or the bounds of the
     memory allocated by the function, so could write past the bounds of
     allocated memory when storing the returned data.

     * CVE-2013-1997: libX11 1.5.99.901 (1.6 RC1) and earlier
       Affected functions:  XAllocColorCells(), _XkbReadGetDeviceInfoReply(),
           _XkbReadGeomShapes(), _XkbReadGetGeometryReply(), _XkbReadKeySyms(),
           _XkbReadKeyActions(), _XkbReadKeyBehaviors(), _XkbReadModifierMap(),
           _XkbReadExplicitComponents(), _XkbReadVirtualModMap(),
           _XkbReadGetNamesReply(), _XkbReadGetMapReply(), _XimXGetReadData(),
           XListFonts(), XListExtensions(), XGetFontPath()

     * CVE-2013-1998: libXi 1.7.1 and earlier
       Affected functions:  XGetDeviceButtonMapping(), _XIPassiveGrabDevice(),
           XQueryDeviceState()

     * CVE-2013-2066: libXv 1.0.7 and earlier
       Affected functions:  XvQueryPortAttributes()

     * CVE-2013-1999: libXvMC 1.0.7 and earlier
       Affected functions:  XvMCGetDRInfo()

     * CVE-2013-2000: libXxf86dga 1.1.3 and earlier
       Affected functions:  XDGAQueryModes(), XDGASetMode()

     * CVE-2013-2001: libXxf86vm 1.1.2 and earlier
       Affected functions:  XF86VidModeGetGammaRamp()

     * CVE-2013-2002: libXt 1.1.3 and earlier
       Affected functions:  _XtResourceConfigurationEH()

- integer overflows parsing user-specified files

     These calls do not check that their calculations for how much memory
     is needed to handle the data being read have not overflowed, so can
     result in allocating too little memory and then writing the returned
     data past the end of the allocated buffer.

     * CVE-2013-1981: libX11 1.5.99.901 (1.6 RC1) and earlier
       Affected functions:  LoadColornameDB(), XrmGetFileDatabase(),
           _XimParseStringFile(), TransFileName()

     * CVE-2013-2003: libXcursor 1.1.13 and earlier
       Affected functions:  _XcursorFileHeaderCreate()

- unbounded recursion parsing user-specified files

     These calls read in files and handle C-style '#include' directives
     to include other files, and have no limit for how many levels deep
     they will go, including allowing files to #include themselves, until
     the stack overflows from the recursive function calling patterns.

     * CVE-2013-2004: libX11 1.5.99.901 (1.6 RC1) and earlier
       Affected functions:  GetDatabase(), _XimParseStringFile()

- memory corruption due to unchecked return values

     These calls assume that pointers are properly initialized by the
     XGetWindowProperty() function and don't check for failure of the
     function to return a valid window property, which can lead to
     use of uninitialized pointers for reading, writing, or passing to
     functions such as free().   XGetWindowProperty() in libX11 1.5.99.901
     (1.6RC1) and earlier did not ensure returned pointers were initialized
     to NULL when returning a failure (this is fixed in libX11 1.5.99.902
     and later).

     * CVE-2013-2005: libXt 1.1.3 and earlier
       Affected functions:  ReqCleanup(), HandleSelectionEvents(),
           ReqTimedOut(), HandleNormal(), HandleSelectionReplies()

Affected Versions
=================

X.Org believes all prior versions of these libraries contain these
flaws, dating back to their introduction.

Versions of the X libraries built on top of the Xlib bridge to the XCB
framework are vulnerable to fewer issues than those without, due to the
added safety and consistency assertions in the XCB calls to read data
from the network, but most of these vulnerabilities are not caught by
those checks.

Fixes
=====

Fixes are available in git commits and patches which will be listed
on http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
when this advisory is released.

Fixes will also be included in these module releases from X.Org:

     libX11 1.5.99.902 (1.6 RC2)
     libXcursor 1.1.14
     libXext 1.3.2
     libXfixes 5.0.1
     libXi 1.7.2
     libXinerama 1.1.3
     libXp 1.0.2
     libXrandr 1.4.1
     libXrender 0.9.8
     libXRes 1.0.7
     libXv 1.0.8
     libXvMC 1.0.8
     libXxf86dga 1.1.4
     libXxf86vm 1.1.3
     libdmx 1.1.3
     libxcb 1.9.1
     libFS 1.0.5
     libXt 1.1.4

or releases to be determined from our sister projects:
     xf86-video-openchrome    OpenChrome project - http://www.openchrome.org/
     Mesa                     Mesa3D project - http://www.mesa3d.org/

Thanks
======

X.Org thanks Ilja van Sprundel of IOActive for reporting these issues to our
security team and assisting them in understanding them and evaluating our
fixes, and Alan Coopersmith of Oracle for coordinating the X.Org response and
developing the fixes for these issues.

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	  X.Org Security Response Team - xorg-security@...ts.x.org



@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-07-13 15:45:53 UTC
CVE-2013-2066 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2066):
  Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a
  denial of service (crash) and possibly execute arbitrary code via crafted
  length or index values to the XvQueryPortAttributes function.

CVE-2013-2064 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2064):
  Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger
  allocation of insufficient memory and a buffer overflow via vectors related
  to the read_packet function.

CVE-2013-2063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2063):
  Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to
  trigger allocation of insufficient memory and a buffer overflow via vectors
  related to the XRecordGetContext function.

CVE-2013-2062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2062):
  Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers
  to trigger allocation of insufficient memory and a buffer overflow via
  vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3)
  XpGetPrinterList, and (4) XpQueryScreens functions.

CVE-2013-2005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2005):
  X.org libXt 1.1.3 and earlier does not check the return value of the
  XGetWindowProperty function, which allows X servers to trigger use of an
  uninitialized pointer and memory corruption via vectors related to the (1)
  ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal,
  and (5) HandleSelectionReplies functions.

CVE-2013-2004 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2004):
  The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11
  1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when
  processing directives to include files, which allows X servers to cause a
  denial of service (stack consumption) via a crafted file.

CVE-2013-2003 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2003):
  Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to
  trigger allocation of insufficient memory and a buffer overflow via vectors
  related to the _XcursorFileHeaderCreate function.

CVE-2013-2002 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2002):
  Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a
  denial of service (crash) and possibly execute arbitrary code via crafted
  length or index values to the _XtResourceConfigurationEH function.

CVE-2013-2001 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2001):
  Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to
  cause a denial of service (crash) and possibly execute arbitrary code via
  crafted length or index values to the XF86VidModeGetGammaRamp function.

CVE-2013-2000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2000):
  Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X
  servers to cause a denial of service (crash) and possibly execute arbitrary
  code via crafted length or index values to the (1) XDGAQueryModes and (2)
  XDGASetMode functions.

CVE-2013-1999 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1999):
  Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause
  a denial of service (crash) and possibly execute arbitrary code via crafted
  length or index values to the XvMCGetDRInfo function.

CVE-2013-1998 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1998):
  Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers
  to cause a denial of service (crash) and possibly execute arbitrary code via
  crafted length or index values to the (1) XGetDeviceButtonMapping, (2)
  XIPassiveGrabDevice, and (3) XQueryDeviceState functions.

CVE-2013-1997 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1997):
  Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier
  allow X servers to cause a denial of service (crash) and possibly execute
  arbitrary code via crafted length or index values to the (1)
  XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes,
  (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions,
  (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9)
  _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11)
  _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14)
  XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

CVE-2013-1996 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1996):
  X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of
  insufficient memory and a buffer overflow via vectors related to an
  unexpected sign extension in the FSOpenServer function.

CVE-2013-1995 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1995):
  X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of
  insufficient memory and a buffer overflow via vectors related to an
  unexpected sign extension in the XListInputDevices function.

CVE-2013-1994 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1994):
  Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in
  openChrome 0.3.2 and earlier allow X servers to trigger allocation of
  insufficient memory and a buffer overflow via vectors related to the (1)
  uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.

CVE-2013-1993 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1993):
  Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XF86DRIOpenConnection and (2)
  XF86DRIGetClientDriverName functions.

CVE-2013-1992 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1992):
  Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers
  to trigger allocation of insufficient memory and a buffer overflow via
  vectors related to the (1) DMXGetScreenAttributes, (2)
  DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.

CVE-2013-1991 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1991):
  Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.

CVE-2013-1990 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1990):
  Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XvMCListSurfaceTypes and (2)
  XvMCListSubpictureTypes functions.

CVE-2013-1989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1989):
  Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers
  to trigger allocation of insufficient memory and a buffer overflow via
  vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats,
  and (3) XvCreateImage function.

CVE-2013-1988 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1988):
  Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XResQueryClients and (2)
  XResQueryClientResources functions.

CVE-2013-1987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1987):
  Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats,
  and (3) XRenderQueryPictIndexValues functions.

CVE-2013-1986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1986):
  Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XRRQueryOutputProperty and (2)
  XRRQueryProviderProperty functions.

CVE-2013-1985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1985):
  Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to
  trigger allocation of insufficient memory and a buffer overflow via vectors
  related to the XineramaQueryScreens function.

CVE-2013-1984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1984):
  Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers
  to trigger allocation of insufficient memory and a buffer overflow via
  vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3)
  XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty,
  (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices
  functions.

CVE-2013-1983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1983):
  Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to
  trigger allocation of insufficient memory and a buffer overflow via vectors
  related to the XFixesGetCursorImage function.

CVE-2013-1982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1982):
  Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X
  servers to trigger allocation of insufficient memory and a buffer overflow
  via vectors related to the (1) XcupGetReservedColormapEntries, (2)
  XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5)
  XShapeGetRectangles, and (6) XSyncListSystemCounters functions.

CVE-2013-1981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1981):
  Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier
  allow X servers to trigger allocation of insufficient memory and a buffer
  overflow via vectors related to the (1) XQueryFont, (2)
  _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5)
  XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8)
  XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11)
  LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14)
  TransFileName functions.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-09 12:54:28 UTC
@maintainers: ping, this is a pretty severe bug and we're blocking on the stable list for July...and it's September. Can we please get some progress here?
Comment 3 Ulrich Müller gentoo-dev 2013-10-07 10:27:46 UTC
As far as I can see, this also affects app-emulation/emul-linux-x86-xlibs. The emul-linux-x86-xlibs-20130224.tar.xz tarball contains the vulnerable versions of the libraries listed in comment #0.

CCing multilib (or should I file a new bug for this?).
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2013-10-07 13:55:26 UTC
@maintainers  - Looks like all the versions needed are available in the portage tree, do we want to go through stabilizing the appropriate versions?
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-10-07 14:01:46 UTC
For emul-linux, I think we're quite ready to start stabilizing abi_x86_32 on xlibs packages and replace emul-linux with virtual. Of course, if nobody minds that.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2013-10-07 14:09:36 UTC
Correction to my previous post, it should of read for everything not being addressed in stabilization as part of 475480.
Comment 7 Pacho Ramos gentoo-dev 2013-10-07 17:25:10 UTC
(In reply to Michał Górny from comment #5)
> For emul-linux, I think we're quite ready to start stabilizing abi_x86_32 on
> xlibs packages and replace emul-linux with virtual. Of course, if nobody
> minds that.

I would proceed with that way too if possible
Comment 8 Agostino Sarubbo gentoo-dev 2013-10-22 07:34:39 UTC
The stabilization was done, please add it to the glsa draft.
Comment 9 Sergey Popov gentoo-dev 2013-11-04 11:38:20 UTC
Added to existing GLSA draft
Comment 10 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-11-29 15:36:11 UTC
Cleanup of old mesa versions neeeds bug 488018 fixed first.
Comment 11 Alex Xu (Hello71) 2014-02-17 01:47:51 UTC
(In reply to Chí-Thanh Christopher Nguyễn from comment #10)
> Cleanup of old mesa versions neeeds bug 488018 fixed first.

It appears to be fixed.
Comment 12 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-03-26 13:37:07 UTC
Vulnerable versions of mesa have been p.masked. Vulnerable versions of all other packages have been removed from the tree.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-05-15 12:18:51 UTC
This issue was resolved and addressed in
 GLSA 201405-07 at http://security.gentoo.org/glsa/glsa-201405-07.xml
by GLSA coordinator Mikle Kolyada (Zlogene).