[ubuntu/precise] xorg 1:7.6+12ubuntu1 (Accepted)
Timo Aaltonen
tjaalton at ubuntu.com
Thu Mar 22 17:50:17 UTC 2012
xorg (1:7.6+12ubuntu1) precise; urgency=low
* Merge from Debian unstable.
xorg (1:7.6+12) unstable; urgency=high
* Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
x11-common init script. A malicious user could trick us into changing
ownership/permissions of an arbitrary directory, and elevate their
privileges (closes: #661627). Reference: CVE-2012-1093. Thanks to
"vladz", Tim Morgan and Bernhard R. Link for their help getting this right
(any remaining bugs are my own).
xorg (1:7.6+11) unstable; urgency=low
* Team upload.
* debian/local/Xsession.d/35x11-common_xhost-local: add a new script
to the default X session. It will give access to the running X
server to the logged on user. This is useful for gdm3 which does not
give access to $XAUTHORITY outside the session, but can also be of
use for other display managers. Closes: #586685.
Date: Thu, 22 Mar 2012 19:42:07 +0200
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/xorg/1:7.6+12ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 22 Mar 2012 19:42:07 +0200
Source: xorg
Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xbase-clients xutils
Architecture: source
Version: 1:7.6+12ubuntu1
Distribution: precise
Urgency: high
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Description:
x11-common - X Window System (X.Org) infrastructure
xbase-clients - miscellaneous X clients - metapackage
xorg - X.Org X Window System
xorg-dev - X.Org X Window System development libraries
xserver-xorg - X.Org X server
xserver-xorg-input-all - X.Org X server -- input driver metapackage
xserver-xorg-video-all - X.Org X server -- output driver metapackage
xutils - X Window System utility programs metapackage
Closes: 586685 661627
Changes:
xorg (1:7.6+12ubuntu1) precise; urgency=low
.
* Merge from Debian unstable.
.
xorg (1:7.6+12) unstable; urgency=high
.
* Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
x11-common init script. A malicious user could trick us into changing
ownership/permissions of an arbitrary directory, and elevate their
privileges (closes: #661627). Reference: CVE-2012-1093. Thanks to
"vladz", Tim Morgan and Bernhard R. Link for their help getting this right
(any remaining bugs are my own).
.
xorg (1:7.6+11) unstable; urgency=low
.
* Team upload.
* debian/local/Xsession.d/35x11-common_xhost-local: add a new script
to the default X session. It will give access to the running X
server to the logged on user. This is useful for gdm3 which does not
give access to $XAUTHORITY outside the session, but can also be of
use for other display managers. Closes: #586685.
Checksums-Sha1:
ba60871244d16532d8d3978efa1c314815d0e25a 2058 xorg_7.6+12ubuntu1.dsc
6c6e8ff042cb6b693564e8803f0b6bb0979c2953 927009 xorg_7.6+12ubuntu1.tar.gz
Checksums-Sha256:
5da785773d3f241d2b88418b7a3e78051c399366a427d4a0b0e3d05658bf28cb 2058 xorg_7.6+12ubuntu1.dsc
7ae4524d2cbcf06f7f444816d84af1e187fd049c1a9b47747a776e62e88dfc59 927009 xorg_7.6+12ubuntu1.tar.gz
Files:
f158240277a951c1f7b0e44ae3fb3214 2058 x11 optional xorg_7.6+12ubuntu1.dsc
f756cb4ee19c40fc2c3b3dc35a3ef0c6 927009 x11 optional xorg_7.6+12ubuntu1.tar.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJPa2UeAAoJEMtwMWWoiYTcLfcP/iR4oBzHW10WMnu2AHJGPJ7T
3VoK9thy9aXLPr0V8Cxe5pcRf2rmfm/1/2YDpt7Tim97bah2p1P581oqCIFtU5Mw
euDa9betWzBE+dkhFtwD2u/kINvY8voq7fajse2WRNrzbZ1vIpVcRBL+rmvAdc3f
UbqKDTriDJObs29CVXpmbRL7QQyHHlFl8QtZULjUQocmHsKK1OUTSl6lQ4nxWiGZ
AjestpxYxkMEETWWGWkIFom9Xyl9koJtMzphsJImI5gyT/21VYr5UKUQXq1b4yUf
6hS3UiC1z7OBhMp5Mhu1prJgZz/sgb9U6r+NtmXM29VvTqkjshajR7MVl90lVt8E
yGILEHYuls0WMisWuEINYA5IwNrqwSibWuG0FL4jHpAfPpLc3JoQeEp5rO1uDxUS
MptVDWkESMWdZh/28W7VfgAZ15bArrcLj2WdAHukgLTaFrqPtElScRWJFeDW80zW
xe00BJH7TAAlqGLBTfSrheQkHDuvR2xaGbNBxXI/l/x3njn4SbmxoMpzV5C2lg0n
SdZRDVZMshFlWDDtIPx82uy0Jl0yxhMNApIjIu1hjdV3xQzj1Onx40LQ51ETavIC
x82wOM9R2cDFZtyfV4xEounF5CPRLqEjdWZTTClaxJe0AZnjq6lNiKMKTrrjxGIh
rSExfqRPox95wQnOTCRI
=Mkwb
-----END PGP SIGNATURE-----
More information about the Precise-changes
mailing list