Hello,
I just completed a rather long backport of the xorg-server security fixes.
Please install the updated packages and verify that nothing breaks, in
particular with 3D applications (with and without LIBGL_ALWAYS_INDIRECT=1
in the environment).
You can grab the test packages for amd64 here:
dget http://people.debian.org/~hertzog/packages/xorg-server_1.7.7-18+deb6u1_amd64.changes
My own tests with "glxgears" and a few 3D games did not show any
problem but this was a virtualbox setup and some tests with real
hardware are probably useful.
Please tell me whether the packages work for you.
For reference, here's the current changelog entry and attached is the debdiff.
xorg-server (2:1.7.7-18+deb6u1) squeeze-lts; urgency=high

  * Non-maintainer upload by the Debian LTS Team.
  * Backport many upstream patches to fix the following CVE:
    - CVE-2014-8091
    - CVE-2014-8092
    - CVE-2014-8093
    - CVE-2014-8094
    - CVE-2014-8095
    - CVE-2014-8096
    - CVE-2014-8097
    - CVE-2014-8098
    - CVE-2014-8099
    - CVE-2014-8100
    - CVE-2014-8101
    - CVE-2014-8102
    Backport has been made after the patch list provided by the upstream
    developers here:
    http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

 -- Raphaël Hertzog <hertzog@debian.org>  Thu, 18 Dec 2014 15:22:58 +0100
The diffstat of the update to show that the backported patches are
rather large:
debian/patches/26-CVE-2014-8091.diff | 34 +
debian/patches/27-CVE-2014-8092_1.diff | 29 +
debian/patches/27-CVE-2014-8092_2.diff | 45 +
debian/patches/27-CVE-2014-8092_3.diff | 123 ++++
debian/patches/27-CVE-2014-8092_4.diff | 28 +
debian/patches/28-CVE-2014-8094.diff | 26
debian/patches/CVE-2014-8093_1.diff | 40 +
debian/patches/CVE-2014-8093_2.diff | 153 +++++
debian/patches/CVE-2014-8093_3.diff | 49 +
debian/patches/CVE-2014-8093_4.diff | 74 ++
debian/patches/CVE-2014-8093_5.diff | 204 +++++++
debian/patches/CVE-2014-8093_6.diff | 26
debian/patches/CVE-2014-8095.diff | 521 +++++++++++++++++++
debian/patches/CVE-2014-8096.diff | 18
debian/patches/CVE-2014-8097.diff | 86 +++
debian/patches/CVE-2014-8098_1.diff | 51 +
debian/patches/CVE-2014-8098_2.diff | 66 ++
debian/patches/CVE-2014-8098_3.diff | 151 +++++
debian/patches/CVE-2014-8098_4.diff | 44 +
debian/patches/CVE-2014-8098_5.diff | 70 ++
debian/patches/CVE-2014-8098_6.diff | 35 +
debian/patches/CVE-2014-8098_7.diff | 527 +++++++++++++++++++
debian/patches/CVE-2014-8098_8.diff | 867 ++++++++++++++++++++++++++++++++
debian/patches/CVE-2014-8098_9.diff | 36 +
debian/patches/CVE-2014-8099.diff | 171 ++++++
debian/patches/CVE-2014-8100_1.diff | 27
debian/patches/CVE-2014-8100_2.diff | 132 ++++
debian/patches/CVE-2014-8101.diff | 44 +
debian/patches/CVE-2014-8102.diff | 20
debian/patches/extra_tests_1.diff | 181 ++++++
debian/patches/extra_tests_2.diff | 48 +
debian/patches/extra_tests_3.diff | 71 ++
xorg-server-1.7.7/debian/changelog | 22
xorg-server-1.7.7/debian/patches/series | 32 +
34 files changed, 4051 insertions(+)
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
debdiff.txt.xz
Description: application/xz