[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#673148: marked as done (CVE-2012-2118)

Your message dated Sun, 20 May 2012 10:08:10 +0000
with message-id <E1SW33a-0002pc-KF@franck.debian.org>
and subject line Bug#673148: fixed in xorg-server 2:1.12.1.902-1
has caused the Debian Bug report #673148,
regarding CVE-2012-2118
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
673148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673148
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: xorg-server
Severity: important
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2118 for more
details and links to upstream patches.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: xorg-server
Source-Version: 2:1.12.1.902-1

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive:

xdmx-tools_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xdmx-tools_1.12.1.902-1_amd64.deb
xdmx_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xdmx_1.12.1.902-1_amd64.deb
xnest_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xnest_1.12.1.902-1_amd64.deb
xorg-server_1.12.1.902-1.diff.gz
  to main/x/xorg-server/xorg-server_1.12.1.902-1.diff.gz
xorg-server_1.12.1.902-1.dsc
  to main/x/xorg-server/xorg-server_1.12.1.902-1.dsc
xorg-server_1.12.1.902.orig.tar.gz
  to main/x/xorg-server/xorg-server_1.12.1.902.orig.tar.gz
xserver-common_1.12.1.902-1_all.deb
  to main/x/xorg-server/xserver-common_1.12.1.902-1_all.deb
xserver-xephyr_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xserver-xephyr_1.12.1.902-1_amd64.deb
xserver-xfbdev_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xserver-xfbdev_1.12.1.902-1_amd64.deb
xserver-xorg-core-dbg_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xserver-xorg-core-dbg_1.12.1.902-1_amd64.deb
xserver-xorg-core-udeb_1.12.1.902-1_amd64.udeb
  to main/x/xorg-server/xserver-xorg-core-udeb_1.12.1.902-1_amd64.udeb
xserver-xorg-core_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xserver-xorg-core_1.12.1.902-1_amd64.deb
xserver-xorg-dev_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xserver-xorg-dev_1.12.1.902-1_amd64.deb
xvfb_1.12.1.902-1_amd64.deb
  to main/x/xorg-server/xvfb_1.12.1.902-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 673148@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 20 May 2012 10:52:52 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source all amd64
Version: 2:1.12.1.902-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xvfb       - Virtual Framebuffer 'fake' X server
Closes: 671812 673148
Changes: 
 xorg-server (2:1.12.1.902-1) unstable; urgency=medium
 .
   [ Julien Cristau ]
   * xvfb-run: kill Xvfb when the script dies.
   * xvfb-run: instead of waiting 3 seconds and hoping that's enough for Xvfb
     to come up (and waiting 2.9 seconds too many in the general case), tell it
     to send us SIGUSR1 when it's ready to accept connections.  This reduces
     "xvfb-run -- xterm -e true" from ~3.2s to ~0.4s on a quick test.
   * xvfb-run: fix xauth handling; setting XAUTHORITY when starting an X server
     isn't actually useful, we need to use the -auth command-line parameter
     instead.  Somehow this seems to have been broken all these years and
     nobody noticed...
 .
   [ Cyril Brulebois ]
   * New upstream release candidate for the 1.12 stable branch:
     - Bring the usual lot of stability fixes.
     - Fix segfault on server shutdown (Closes: #671812).
     - Refactor logging, fixing a format string vulnerability which could lead
       to a denial of service (“only”, thanks to the fortified sources). This
       is CVE-2012-2118 (Closes: #673148).
   * Bump severity to “medium” for those two important fixes.
Checksums-Sha1: 
 e436ade0c8ab3520bb83fe70d7516de43e36cb08 3483 xorg-server_1.12.1.902-1.dsc
 c5fc232decc3eaa18283ffb313dde8b0b73e48b3 7519286 xorg-server_1.12.1.902.orig.tar.gz
 0853d551ad9adecb35263f93475e6dcb776630b2 82673 xorg-server_1.12.1.902-1.diff.gz
 196183c1173afffd198e40cddc94d596285549cf 1382164 xserver-common_1.12.1.902-1_all.deb
 745583aca5e06ee592ed0995e1f64a1106eac4f0 1759884 xserver-xorg-core_1.12.1.902-1_amd64.deb
 e708b819bde3cb7ce00b938c7b5623d5a0aaf2b2 866594 xserver-xorg-core-udeb_1.12.1.902-1_amd64.udeb
 a031aa7685dc8924d8fd3ce980b71e355ecc4981 317372 xserver-xorg-dev_1.12.1.902-1_amd64.deb
 9e1eee75ccc180f4ecc74f93f7c1d1d12c2d8115 921586 xdmx_1.12.1.902-1_amd64.deb
 5e957c61cdbaebbac8037a8935950ee6417c98f8 125112 xdmx-tools_1.12.1.902-1_amd64.deb
 23ef80468960a1eb219b404fc7f7427c20ae69bf 820114 xnest_1.12.1.902-1_amd64.deb
 f6b6a3f0aabc0116e1b0e74291886a3695a84626 923910 xvfb_1.12.1.902-1_amd64.deb
 72272d9214a3fed149e37cf696291d9a43748196 1015106 xserver-xephyr_1.12.1.902-1_amd64.deb
 3125067976eb8a57abb92e15e4f5f05f9f4da87e 937310 xserver-xfbdev_1.12.1.902-1_amd64.deb
 3a4d4c092ea2fdfb18bd95731900825ce86c37b5 7284050 xserver-xorg-core-dbg_1.12.1.902-1_amd64.deb
Checksums-Sha256: 
 df1d72eba93fdccdc0e95c0230a4d94f08163967c05e6d4a731be7f154ce28ee 3483 xorg-server_1.12.1.902-1.dsc
 aabeaf68ef7885ad2bc33a4a6ac2abb3c5c12ee563b53744932093a15a17d499 7519286 xorg-server_1.12.1.902.orig.tar.gz
 711a80e81c8d3b23023b762bdbbf6b2cc3642b822770f90b4a7bcfd8c73e57bf 82673 xorg-server_1.12.1.902-1.diff.gz
 7c06f5387dc46a80e6151277c545547201d9bb8fe985acdf0f057c195d4aad19 1382164 xserver-common_1.12.1.902-1_all.deb
 35bd4f64622f8e40d952b454bc2c682fe6f9b1cc90d559e4766dd68e53fd1719 1759884 xserver-xorg-core_1.12.1.902-1_amd64.deb
 ec69d3661a354cb1b92b8151eaa951a14fd3397d316d7fe4df348e99127ae522 866594 xserver-xorg-core-udeb_1.12.1.902-1_amd64.udeb
 366a53c66452adce194a80b8afcaf8f6e6763f67333f61425ea6d43d15e4725b 317372 xserver-xorg-dev_1.12.1.902-1_amd64.deb
 27eaed0a1b152c71f61b0951be504504ffd927ad9ed45d113da0429fe031b6d1 921586 xdmx_1.12.1.902-1_amd64.deb
 24b40e263c0991560a64ee474b8fd06372ca18d60a7684ad59f39eb93442d749 125112 xdmx-tools_1.12.1.902-1_amd64.deb
 a164af4a04ae3d47ac6b2000310d287bb97fa9fcc2b0f50f751d91d1db8cb119 820114 xnest_1.12.1.902-1_amd64.deb
 1b76a853b25603ffbda86783b736cc291dcddde65fc2ca8f42b45beb3084a29e 923910 xvfb_1.12.1.902-1_amd64.deb
 02f8f9f6d78ef5be8299a9d9b2d8decc51d7985067f543ba0b2b1ff1beb6a83d 1015106 xserver-xephyr_1.12.1.902-1_amd64.deb
 9b7816a242be6bbb9ad95b4236339972423cb9470ac565a66b12126c43a6d044 937310 xserver-xfbdev_1.12.1.902-1_amd64.deb
 8fe49d128cc9cbd7d9d0bfdae12234a678d2973daf779775dada82731b90bd89 7284050 xserver-xorg-core-dbg_1.12.1.902-1_amd64.deb
Files: 
 9cd5c46cc89966be7b2e00944c873679 3483 x11 optional xorg-server_1.12.1.902-1.dsc
 40b0de8c8fad46357ba2bf5b1bc18377 7519286 x11 optional xorg-server_1.12.1.902.orig.tar.gz
 a021bee80ff4a08d62ae5d05810738b3 82673 x11 optional xorg-server_1.12.1.902-1.diff.gz
 1f29d54b0ad768f49d8589c7ce86c1de 1382164 x11 optional xserver-common_1.12.1.902-1_all.deb
 5ee09dd99193e3c787ad942ac286b090 1759884 x11 optional xserver-xorg-core_1.12.1.902-1_amd64.deb
 77a03654e6cf9fc8fdd3120c2a67dd9c 866594 debian-installer optional xserver-xorg-core-udeb_1.12.1.902-1_amd64.udeb
 c420ce5f17e7a040bae01963e5fa3976 317372 x11 optional xserver-xorg-dev_1.12.1.902-1_amd64.deb
 ad4755c27d6e2477a70ada03f312db15 921586 x11 optional xdmx_1.12.1.902-1_amd64.deb
 39fdf92322e9ec29c55492582a51c489 125112 x11 optional xdmx-tools_1.12.1.902-1_amd64.deb
 ac2a1dbc8b2d5f8a75fc4807c16a0239 820114 x11 optional xnest_1.12.1.902-1_amd64.deb
 7efa873ea7a6d38c1b6d6bfcfec22c88 923910 x11 optional xvfb_1.12.1.902-1_amd64.deb
 7e68089951fc3f85482fa6092d97f09c 1015106 x11 optional xserver-xephyr_1.12.1.902-1_amd64.deb
 b83ef6c2a908a96689a3ee3b54675e94 937310 x11 optional xserver-xfbdev_1.12.1.902-1_amd64.deb
 cfc7225e952a42148ca20173d14d0b42 7284050 debug extra xserver-xorg-core-dbg_1.12.1.902-1_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+4vkoACgkQeGfVPHR5Nd3Y6QCeKoTVETyJNvCCa3kWIofaJmcm
D/wAn3gpA92+hn9SHYT2iXe3OuPctQp8
=+7dn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: