Re: [oi-dev] Security patch for Xorg 19.x

2018-10-31 Thread Aurélien Larcher
On Wed, Oct 31, 2018 at 9:10 AM Udo Grabowski (IMK) wrote:

> On 30/10/2018 11:25, Peter Tribble wrote:
> >
> >
> > On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <udo.grabow...@kit.edu> wrote:
> >
> > This Xorg patch should be immediately merged in Hipster:
> >
> >
> > It was merged and updated packages published last Thursday, by the looks of it:
> >
> > commit b694face8cd955399d90fae658d6a01fb1fa9c5b
> > Author: Aurelien Larcher
> > Date:   Thu Oct 25 19:31:53 2018 +0200
> >
> > xorg-server: CVE-2018-14665
> >
> > <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>
> >
> > That check had been part of older Xorgs, e.g., on oi_151a9.
> >
> > See the really nasty CVE-2018-14665:
> > 
> > --
> > ...
> > --
> > -Peter Tribble
> > http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
>
> Indeed, didn't find x11 because I was on the wrong branch
> 
> instead of
> 
>
> Security bugs like that completely destroy my approach of jumping
> from one 'stable' release to the next, so the only secure way is indeed
> a rolling release if you don't have enough manpower to maintain a
> cherry-picking 'stable' major-bugfix-only branch.
>

You can probably just unlock the version facet to allow update of xorg only
while keeping the rest of userland-incorporation in place.



> --
> Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
> http://www.imk-asf.kit.edu/english/sat.php
> KIT - Karlsruhe Institute of Technology   http://www.kit.edu
> Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
>
> ___
> oi-dev mailing list
> oi-dev@openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev



-- 
---
Praise the Caffeine embeddings

Re: [oi-dev] Security patch for Xorg 19.x

2018-10-31 Thread Udo Grabowski (IMK)

On 30/10/2018 11:25, Peter Tribble wrote:
>
> On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <udo.grabow...@kit.edu> wrote:
>
> This Xorg patch should be immediately merged in Hipster:
>
> It was merged and updated packages published last Thursday, by the looks of it:
>
> commit b694face8cd955399d90fae658d6a01fb1fa9c5b
> Author: Aurelien Larcher <aurelien.larc...@gmail.com>
> Date:   Thu Oct 25 19:31:53 2018 +0200
>
> xorg-server: CVE-2018-14665
>
> <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>
>
> That check had been part of older Xorgs, e.g., on oi_151a9.
>
> See the really nasty CVE-2018-14665:
>
> --
> ...
> --
> -Peter Tribble
> http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/


Indeed, didn't find x11 because I was on the wrong branch

instead of


Security bugs like that completely destroy my approach of jumping
from one 'stable' release to the next, so the only secure way is indeed
a rolling release if you don't have enough manpower to maintain a
cherry-picking 'stable' major-bugfix-only branch.
--
Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
http://www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology   http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026




Re: [oi-dev] Security patch for Xorg 19.x

2018-10-30 Thread Aurélien Larcher
On Tue, Oct 30, 2018 at 11:26 AM Peter Tribble wrote:

>
>
> On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <
> udo.grabow...@kit.edu> wrote:
>
>> This Xorg patch should be immediately merged in Hipster:
>>
>
> It was merged and updated packages published last Thursday, by the looks
> of it:
>
> commit b694face8cd955399d90fae658d6a01fb1fa9c5b
> Author: Aurelien Larcher 
> Date:   Thu Oct 25 19:31:53 2018 +0200
>
> xorg-server: CVE-2018-14665
>

Indeed :)
I also posted on Twitter:
https://twitter.com/OpenIndiana/status/109789831430144

>
>
>
>> <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>
>>
>> That check had been part of older Xorgs, e.g., on oi_151a9.
>>
>> See the really nasty CVE-2018-14665:
>> 
>> --
>> Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
>> http://www.imk-asf.kit.edu/english/sat.php
>> KIT - Karlsruhe Institute of Technology   http://www.kit.edu
>> Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
>>
>
>
>
> --
> -Peter Tribble
> http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/



-- 
---
Praise the Caffeine embeddings

Re: [oi-dev] Security patch for Xorg 19.x

2018-10-30 Thread Peter Tribble
On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) wrote:

> This Xorg patch should be immediately merged in Hipster:
>

It was merged and updated packages published last Thursday, by the looks of
it:

commit b694face8cd955399d90fae658d6a01fb1fa9c5b
Author: Aurelien Larcher 
Date:   Thu Oct 25 19:31:53 2018 +0200

xorg-server: CVE-2018-14665



> <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>
>
> That check had been part of older Xorgs, e.g., on oi_151a9.
>
> See the really nasty CVE-2018-14665:
> 
> --
> Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
> http://www.imk-asf.kit.edu/english/sat.php
> KIT - Karlsruhe Institute of Technology   http://www.kit.edu
> Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
>



-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/

[oi-dev] Security patch for Xorg 19.x

2018-10-30 Thread Udo Grabowski (IMK)

This Xorg patch should be immediately merged in Hipster:

<https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>

That check had been part of older Xorgs, e.g., on oi_151a9.

See the really nasty CVE-2018-14665:

--
Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
http://www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology   http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026


