Bug#485860: marked as done (xserver-xorg-core: iDefense Security Advisory 06.11.08)
Your message dated Thu, 12 Jun 2008 00:12:04 +0200
with message-id <200806120012.04634.thijs@debian.org>
and subject line Re: Bug#485860: xserver-xorg-core: iDefense Security Advisory 06.11.08
has caused the Debian Bug report #485860,
regarding xserver-xorg-core: iDefense Security Advisory 06.11.08
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
485860: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485860
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xserver-xorg-core
Version: 2:1.1.1-21etch4
Severity: grave
Tags: security
Justification: user security hole
iDefense has reported Xorg security issues:
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062770.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062771.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062772.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062773.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062774.html
They all refer to:
X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
I wonder if Debian is affected by these issues.
Thanks,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- Package-specific info:
[Snipped: checks, listings of xorg.conf and Xorg.0.log]
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-pk02.15-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages xserver-xorg-core depends on:
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libfontenc1 1:1.0.2-2 X11 font encoding library
ii libgcc1 1:4.1.1-21 GCC support library
ii libxau6 1:1.0.1-2 X11 authorisation library
ii libxdmcp6 1:1.0.1-2 X11 Display Manager Control Protoc
ii libxfont1 1:1.2.2-2.etch1 X11 font rasterisation library
ii x11-common 1:7.1.0-19 X Window System (X.Org) infrastruc
ii xserver-xorg 1:7.1.0-19 the X.Org X server
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages xserver-xorg-core recommends:
ii xfonts-base 1:1.0.0-4 standard fonts for X
ii xkb-data 0.9-4 X Keyboard Extension (XKB) configu
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2:1.1.1-21etch5
Thanks, we are well aware and updated packages have been released for both sid
and etch.
cheers,
Thijs
--- End Message ---