On 2016-01-30 11:26:59, Antoine Beaupré wrote: > The problem is, from what I understand, there is no way to fix > CVE-2016-1908 while ForwardX11Trusted is set to "yes". Basically, that > setting makes the whole exploit unnecessary because there's no > protection to workaround. > > I am therefore tempted to agree with Guido that we should just mark this > as no-dsa and move on, because, unless users have explicitely disable > ForwardX11Trusted, it's impossible for us to fix that security issue for > them.
I went ahead and did just that. A. -- A genius is someone who discovers that the stone that falls and the moon that doesn't fall represent one and the same phenomenon. - Ernesto Sabato