[ubuntu/maverick-security] xorg-server 2:1.9.0-0ubuntu7.5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Oct 18 16:04:48 UTC 2011 

xorg-server (2:1.9.0-0ubuntu7.5) maverick-security; urgency=low

  * SECURITY UPDATE: file existence disclosure
    - debian/patches/210_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
      in os/utils.c.
    - CVE-2011-4028
  * SECURITY UPDATE: privilege escalation via file permission change
    - debian/patches/211_CVE-2011-4029.patch: use fchmod to prevent race
      in os/utils.c.
    - CVE-2011-4029
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect input sanitization
    - debian/patches/212_CVE-2010-4818.patch: validate sizes and arguments
      in glx/{glxcmds,glxcmdsswap,xfont}.c.
    - CVE-2010-4818

Date: Fri, 14 Oct 2011 06:00:40 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/xorg-server/2:1.9.0-0ubuntu7.5
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Oct 2011 06:00:40 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source
Version: 2:1.9.0-0ubuntu7.5
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xvfb       - Virtual Framebuffer 'fake' X server
Changes: 
 xorg-server (2:1.9.0-0ubuntu7.5) maverick-security; urgency=low
 .
   * SECURITY UPDATE: file existence disclosure
     - debian/patches/210_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
       in os/utils.c.
     - CVE-2011-4028
   * SECURITY UPDATE: privilege escalation via file permission change
     - debian/patches/211_CVE-2011-4029.patch: use fchmod to prevent race
       in os/utils.c.
     - CVE-2011-4029
   * SECURITY UPDATE: denial of service and possible code execution via
     incorrect input sanitization
     - debian/patches/212_CVE-2010-4818.patch: validate sizes and arguments
       in glx/{glxcmds,glxcmdsswap,xfont}.c.
     - CVE-2010-4818
Checksums-Sha1: 
 c5fcdc9444de8d01cfbca27495c40276271b4ba1 4181 xorg-server_1.9.0-0ubuntu7.5.dsc
 0cf99418e15770d55e0901fb971060e9c6c2366a 423393 xorg-server_1.9.0-0ubuntu7.5.diff.gz
Checksums-Sha256: 
 eb92a83d5771d3c6d6f162be448b48a97f4d2b7bc6ef7325d38cb97f6f4e0130 4181 xorg-server_1.9.0-0ubuntu7.5.dsc
 a478323a2ae52846f074c083320ea113b91f0aa448ec3f6719c01bfd82e7d066 423393 xorg-server_1.9.0-0ubuntu7.5.diff.gz
Files: 
 1fc916f54b971edfb122c6ef9f239e8f 4181 x11 optional xorg-server_1.9.0-0ubuntu7.5.dsc
 61cf72b85bec4e4f4c3993cd5e39a45d 423393 x11 optional xorg-server_1.9.0-0ubuntu7.5.diff.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

More information about the Maverick-changes mailing list