Bug#378465: xserver-xorg: CVE-2006-0745
Package: xserver-xorg
Version: 1:7.0.22
Severity: important
Tags: security patch
Back in march CVE-2006-745 was reported [1] and fixed [2]. I looked at my
current testing output:
helge@remaxp:/usr/share/doc/xserver-xorg$ Xorg -version
X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0
Build Operating System:Linux 2.6.16-1-vserver-amd64-k8 x86_64
Current Operating System: Linux remaxp 2.6.14.6-grsec-cz02 #1 Sun Jun 18 09:35:5
4 CEST 2006 x86_64
Build Date: 16 March 2006
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Module Loader present
and see that my server was build *before* the date of the report. Since I did
not see a bug report [3] on this nor did I find anything in
/usr/share/doc/xserver-xorg, I report this here to track this for Etch.
I am not sure about the severity, please coordinate if an update Etch
security is necessary.
Furthermore I did not see an DSA for Sarge[4], if Sarge is not vulnerable
then please remember to update the appropriate list[5] accordingly.
[1] http://lwn.net/Articles/176234/
[2] http://lwn.net/Articles/176257/
[3] http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=xserver-xorg
[4] http://www.debian.org/security/nonvulns-sarge
[5] http://www.debian.org/security/2006/
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.6-grsec-cz02
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Versions of packages xserver-xorg depends on:
ii debconf 1.5.2 Debian configuration management sy
ii x11-common 1:7.0.22 X Window System (X.Org) infrastruc
ii xbase-clients 1:7.1.ds-2 miscellaneous X clients
ii xkb-data 0.8-5 X Keyboard Extension (XKB) configu
ii xserver-xorg-core 1:1.0.2-9 X.Org X server -- core server
ii xserver-xorg-input-evdev [xs 1:1.0.0.5-2 X.Org X server -- evdev input driv
ii xserver-xorg-input-kbd [xser 1:1.0.1.3-2 X.Org X server -- keyboard input d
ii xserver-xorg-input-mouse [xs 1:1.0.4-3 X.Org X server -- mouse input driv
ii xserver-xorg-video-ati [xser 1:6.5.8.0-1 X.Org X server -- ATI display driv
ii xserver-xorg-video-dummy [xs 1:0.1.0.5-2 X.Org X server -- dummy display dr
ii xserver-xorg-video-fbdev [xs 1:0.1.0.5-2 X.Org X server -- fbdev display dr
ii xserver-xorg-video-glint [xs 1:1.0.1.3-3 X.Org X server -- Glint display dr
ii xserver-xorg-video-v4l [xser 0.0.1.5-1 X.Org X server -- Video 4 Linux di
ii xserver-xorg-video-vesa [xse 1:1.0.1.3-2 X.Org X server -- VESA display dri
ii xserver-xorg-video-vga [xser 1:4.0.0.5-2 X.Org X server -- VGA display driv
Versions of packages xserver-xorg recommends:
ii discover1 1.7.18 hardware identification system
pn laptop-detect <none> (no description available)
ii mdetect 0.5.2.1 mouse device autodetection tool
pn xresprobe <none> (no description available)
-- debconf-show failed
--
Dr. Helge Kreutzmann debian@helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/
Reply to: