On 30/10/2018 11:25, Peter Tribble wrote:
On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <udo.grabow...@kit.edu <mailto:udo.grabow...@kit.edu>> wrote: This Xorg patch should be immediately merged in Hipster: It was merged and updated packages published last Thursday, by the looks of it: commit b694face8cd955399d90fae658d6a01fb1fa9c5b Author: Aurelien Larcher <aurelien.larc...@gmail.com <mailto:aurelien.larc...@gmail.com>> Date: Thu Oct 25 19:31:53 2018 +0200 xorg-server: CVE-2018-14665 <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e> That check had been part of older Xorgs ,e.g., on oi_151a9. See the really nasty CVE-2018-14665: <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665> -- ... -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
Indeed, didn't find x11 because I was on the wrong branch <https://github.com/OpenIndiana/oi-userland/tree/upstream/components> instead of <https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components> Security bugs like that completely destroy my approach of jumping from one 'stable' release to the next, so the only secure way is indeed a rolling release if you don't have enough manpower to maintain a cherry-picking 'stable' major-bugfix-only branch. -- Dr.Udo Grabowski Inst.f.Meteorology & Climate Research IMK-ASF-SAT http://www.imk-asf.kit.edu/english/sat.php KIT - Karlsruhe Institute of Technology http://www.kit.edu Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev