[ubuntu/precise] xorg 1:7.6+12ubuntu1 (Accepted)

Timo Aaltonen tjaalton at ubuntu.com
Thu Mar 22 17:50:17 UTC 2012 

xorg (1:7.6+12ubuntu1) precise; urgency=low

  * Merge from Debian unstable.

xorg (1:7.6+12) unstable; urgency=high

  * Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
    x11-common init script.  A malicious user could trick us into changing
    ownership/permissions of an arbitrary directory, and elevate their
    privileges (closes: #661627).  Reference: CVE-2012-1093.  Thanks to
    "vladz", Tim Morgan and Bernhard R. Link for their help getting this right
    (any remaining bugs are my own).

xorg (1:7.6+11) unstable; urgency=low

  * Team upload.
  * debian/local/Xsession.d/35x11-common_xhost-local: add a new script
    to the default X session. It will give access to the running X
    server to the logged on user. This is useful for gdm3 which does not
    give access to $XAUTHORITY outside the session, but can also be of
    use for other display managers. Closes: #586685.

Date: Thu, 22 Mar 2012 19:42:07 +0200
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/xorg/1:7.6+12ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 22 Mar 2012 19:42:07 +0200
Source: xorg
Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xbase-clients xutils
Architecture: source
Version: 1:7.6+12ubuntu1
Distribution: precise
Urgency: high
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Description: 
 x11-common - X Window System (X.Org) infrastructure
 xbase-clients - miscellaneous X clients - metapackage
 xorg       - X.Org X Window System
 xorg-dev   - X.Org X Window System development libraries
 xserver-xorg - X.Org X server
 xserver-xorg-input-all - X.Org X server -- input driver metapackage
 xserver-xorg-video-all - X.Org X server -- output driver metapackage
 xutils     - X Window System utility programs metapackage
Closes: 586685 661627
Changes: 
 xorg (1:7.6+12ubuntu1) precise; urgency=low
 .
   * Merge from Debian unstable.
 .
 xorg (1:7.6+12) unstable; urgency=high
 .
   * Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
     x11-common init script.  A malicious user could trick us into changing
     ownership/permissions of an arbitrary directory, and elevate their
     privileges (closes: #661627).  Reference: CVE-2012-1093.  Thanks to
     "vladz", Tim Morgan and Bernhard R. Link for their help getting this right
     (any remaining bugs are my own).
 .
 xorg (1:7.6+11) unstable; urgency=low
 .
   * Team upload.
   * debian/local/Xsession.d/35x11-common_xhost-local: add a new script
     to the default X session. It will give access to the running X
     server to the logged on user. This is useful for gdm3 which does not
     give access to $XAUTHORITY outside the session, but can also be of
     use for other display managers. Closes: #586685.
Checksums-Sha1: 
 ba60871244d16532d8d3978efa1c314815d0e25a 2058 xorg_7.6+12ubuntu1.dsc
 6c6e8ff042cb6b693564e8803f0b6bb0979c2953 927009 xorg_7.6+12ubuntu1.tar.gz
Checksums-Sha256: 
 5da785773d3f241d2b88418b7a3e78051c399366a427d4a0b0e3d05658bf28cb 2058 xorg_7.6+12ubuntu1.dsc
 7ae4524d2cbcf06f7f444816d84af1e187fd049c1a9b47747a776e62e88dfc59 927009 xorg_7.6+12ubuntu1.tar.gz
Files: 
 f158240277a951c1f7b0e44ae3fb3214 2058 x11 optional xorg_7.6+12ubuntu1.dsc
 f756cb4ee19c40fc2c3b3dc35a3ef0c6 927009 x11 optional xorg_7.6+12ubuntu1.tar.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPa2UeAAoJEMtwMWWoiYTcLfcP/iR4oBzHW10WMnu2AHJGPJ7T
3VoK9thy9aXLPr0V8Cxe5pcRf2rmfm/1/2YDpt7Tim97bah2p1P581oqCIFtU5Mw
euDa9betWzBE+dkhFtwD2u/kINvY8voq7fajse2WRNrzbZ1vIpVcRBL+rmvAdc3f
UbqKDTriDJObs29CVXpmbRL7QQyHHlFl8QtZULjUQocmHsKK1OUTSl6lQ4nxWiGZ
AjestpxYxkMEETWWGWkIFom9Xyl9koJtMzphsJImI5gyT/21VYr5UKUQXq1b4yUf
6hS3UiC1z7OBhMp5Mhu1prJgZz/sgb9U6r+NtmXM29VvTqkjshajR7MVl90lVt8E
yGILEHYuls0WMisWuEINYA5IwNrqwSibWuG0FL4jHpAfPpLc3JoQeEp5rO1uDxUS
MptVDWkESMWdZh/28W7VfgAZ15bArrcLj2WdAHukgLTaFrqPtElScRWJFeDW80zW
xe00BJH7TAAlqGLBTfSrheQkHDuvR2xaGbNBxXI/l/x3njn4SbmxoMpzV5C2lg0n
SdZRDVZMshFlWDDtIPx82uy0Jl0yxhMNApIjIu1hjdV3xQzj1Onx40LQ51ETavIC
x82wOM9R2cDFZtyfV4xEounF5CPRLqEjdWZTTClaxJe0AZnjq6lNiKMKTrrjxGIh
rSExfqRPox95wQnOTCRI
=Mkwb
-----END PGP SIGNATURE-----

More information about the Precise-changes mailing list