Your message dated Thu, 12 Jun 2008 00:12:04 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#485860: xserver-xorg-core: iDefense Security Advisory
06.11.08
has caused the Debian Bug report #485860,
regarding xserver-xorg-core: iDefense Security Advisory 06.11.08
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
485860: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485860
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xserver-xorg-core
Version: 2:1.1.1-21etch4
Severity: grave
Tags: security
Justification: user security hole
iDefense has reported Xorg security issues:
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension
AllocateGlyph() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062770.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension
ProcRenderCreateCursor() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062771.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension
Gradient Creation Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062772.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and
Security Extensions Multiple Memory Corruption Vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062773.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension
Information Disclosure Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062774.html
They all refer to:
X.Org security advisory june 2008 - Multiple vulnerabilities in X server
extensions
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
I wonder if Debian is affected by these issues.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- Package-specific info:
[Snipped: checks, listings of xorg.conf and Xorg.0.log]
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-pk02.15-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages xserver-xorg-core depends on:
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libfontenc1 1:1.0.2-2 X11 font encoding library
ii libgcc1 1:4.1.1-21 GCC support library
ii libxau6 1:1.0.1-2 X11 authorisation library
ii libxdmcp6 1:1.0.1-2 X11 Display Manager Control Protoc
ii libxfont1 1:1.2.2-2.etch1 X11 font rasterisation library
ii x11-common 1:7.1.0-19 X Window System (X.Org) infrastruc
ii xserver-xorg 1:7.1.0-19 the X.Org X server
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages xserver-xorg-core recommends:
ii xfonts-base 1:1.0.0-4 standard fonts for X
ii xkb-data 0.9-4 X Keyboard Extension (XKB) configu
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2:1.1.1-21etch5
Thanks, we are well aware and updated packages have been released for both sid
and etch.
cheers,
Thijs
--- End Message ---
