#2100: Xorg Security Vulnerabilities ---------------------------------------------+------------------------------ Reporter: [EMAIL PROTECTED] | Owner: [email protected] Type: defect | Status: new Priority: high | Milestone: 6.2 Component: BOOK | Version: SVN Severity: major | Keywords: ---------------------------------------------+------------------------------ There are currently some fixes released by Xorg for vulnerabilities in Xorg-6.9.0 and Xorg-7.1. They are here:
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/ [[br]] http://xorg.freedesktop.org/releases/X11R7.1/patches/ The first two 6.9.0 patches are already addressed with sed's in the book. These same problems are included in Xorg-7.1. The new setuid() problem is tricky. It is a large patch on 6.9.0. I've created a rollup patch for 6.9.0 containing the first two patches, too. I haven't submitted them yet. The more difficult part is 7.1 because of our book layout. Currently, you are expected to just install all the packages in series. These patches would break up the flow. Would it be enough to include the patch on the page, e.g. [http://xorg.freedesktop.org/releases/X11R7.1/patches/libX11-1.0.1-setuid.diff this patch] on the lib page. This implies that we expect the user to apply the patch to the appropriate package. -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2100> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
