
Cannot find wheezy package in archives for Re: [SECURITY] [DSA 2661-1] xorg-server security update



Hello,

I cannot find the wheezy packages for this update in the archives. I've checked the Packages.gz files on my local mirror (ftp.nl.debian.org), on the central repo (ftp.debian.org) and on security.debian.org. The first 2 contain Packages.gz files that point to the old version of the package (2:1.12.4-5); security.debian.org does not have xserver-xorg-core in its Packages.gz file at all. I checked the wheezy/binary-amd64 versions of the Packages.gz files, as that is the one I need on my system. Also, packages.debian.org lists 2:1.12.4-5 as the latest version of this package for both sid/unstable and wheezy/testing.

Usually the packages are available as soon as the mail announcement of the DSA is sent. Am I too impatient, or is something wrong?

Please cc me on replies, as I'm not subscribed to the list.

With kind regards, Erik.


On 04/17/2013 09:34 PM, Yves-Alexis Perez wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2661-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
April 17, 2013                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg-server
Vulnerability  : information disclosure
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-1940

David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,
the Xorg X server was vulnerable to an information disclosure flaw
related to input handling and devices hotplug.

When an X server is running but not on front (for example because of a VT
switch), a newly plugged input device would still be recognized and
handled by the X server, which would actually transmit input events to
its clients on the background.

This could allow an attacker to recover some input events not intended
for the X clients, including sensitive information.

For the stable distribution (squeeze), this problem has been fixed in
version 2:1.7.7-16.

For the testing distribution (wheezy), this problem has been fixed in
version 2:1.12.4-6.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.12.4-6.

We recommend that you upgrade your xorg-server packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

-----END PGP SIGNATURE-----




--
Met vriendelijke groeten/With kind regards, Erik Laan.


