Re: Fixing CVE-2013-4396 in squeeze-backports

To: intrigeri <intrigeri@debian.org>
Cc: Debian X Strike Force <debian-x@lists.debian.org>
Subject: Re: Fixing CVE-2013-4396 in squeeze-backports
From: Julien Cristau <jcristau@debian.org>
Date: Wed, 23 Oct 2013 22:02:13 +0200
Message-id: <[🔎] 20131023200213.GM4002@betterave.cristau.org>
In-reply-to: <[🔎] 85d2mwpgx0.fsf@boum.org>
References: <[🔎] 85d2mwpgx0.fsf@boum.org>

On Wed, Oct 23, 2013 at 09:47:39 +0200, intrigeri wrote:

> Hi,
> 
> do you have any plans to fix CVE-2013-4396 in squeeze-backports?
> (Rationale: Tails ships Xorg from squeeze-backports.)
> 
> If you don't, may I assume that the following would work:
> 
>   1. set up a Squeeze + backports chroot
>   2. retrieve the xorg-server source package from squeeze-backports
>   3. add the patch that was applied in the Wheezy security update
>   4. build in the aforementioned chroot
> 
> ?
> 
That should work.  I think either the squeeze or the wheezy patch should
apply just fine, modulo whitespace.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Fixing CVE-2013-4396 in squeeze-backports
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: Bug#727281: Update config.{sub,guess} for AArch64
Next by Date: Processing of xserver-xorg-video-qxl_0.1.1-1_amd64.changes
Previous by thread: Fixing CVE-2013-4396 in squeeze-backports
Next by thread: Bug#727224: libdrm-dev: can safely be Multi-Arch: same
Index(es):
- Date
- Thread