From 3988215ba677a37047a518d2dd355892c61b9351 Mon Sep 17 00:00:00 2001 From: Donnie Berkholz Date: Fri, 1 Feb 2008 21:47:36 +0000 Subject: (#208343) Another security bump, with two fixes. CVE-2007-6429: The old fix for the MIT_SHM patch failed to check for the security issue in all cases. CVE-2007-3920: The second fix is primarily for compiz users. There was a patch in compiz for this but it was again an incomplete fix, because it assumed the problem could only be caused by a specifically named executable. (Portage version: 2.1.4) (Signed Manifest commit) --- x11-base/xorg-server/Manifest | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'x11-base') diff --git a/x11-base/xorg-server/Manifest b/x11-base/xorg-server/Manifest index fbd01b08e3ba..3b9f8682d5df 100644 --- a/x11-base/xorg-server/Manifest +++ b/x11-base/xorg-server/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX 1.2.0-fix-amd-cpu-detection.patch 1715 RMD160 7290fd57dc2a9e2dd8edbe08da5074a30815486c SHA1 b749e5ac35fad295fd7a1f13cfee2e42a2a06035 SHA256 0126a880eb5f21eb8dbbd119a425e7412b37689e1321c2b9ff63c5dc8de47f6a AUX 1.2.0-properly-free-device-devprivates-memory-leak-fix.patch 1199 RMD160 c55891ff6797d1b161524cd5c3e9a4382ec0bcad SHA1 98e07d5a542bc1e990921234f8f6399120ae5a63 SHA256 ba60d2fbb7944da45344f5ffc1431bf0e812ab861f4455522592ecb0c475138c AUX 1.2.0-typo-fix.patch 1321 RMD160 237c072869df15afbc2b35dfd8cc6e5143cb59f9 SHA1 3a22190fde5487b84c0d9a8862421f102bf41c63 SHA256 9dbf526f9cb3bf2596ffdc1795eda16181384db33562daf4fd1ddb359b5a77bd @@ -19,6 +22,8 @@ AUX 1.4-0004-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch 6830 RMD16 AUX 1.4-0005-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 912 RMD160 c931db35d87a94a89db7fdfd9826565b94b8803f SHA1 e258c3f9c03fc92473daf8ae18ee0d0fa47e26ac SHA256 39ec99f6643b73951a5a5ed14c54c227885b7411da76ecec3c923fd8189c6364 AUX 1.4-0006-Fix-for-CVE-2007-5958-File-existence-disclosure.patch 870 RMD160 adbc9a110c0e7aef884f5ea9c61148688ac441e5 SHA1 a9c8e1bb513073304d465ad0079c1dd452d053d6 SHA256 d1545329c64f492acc9935df68b31d513d3f1ddcfc5f821224a33761cf4b5c81 AUX 1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch 2594 RMD160 0197f2ef4e2734e3f82d94fb9aefd6b77b287c8a SHA1 d2d3666ac30bc5b541b8bf30fe5de157dbb79c9a SHA256 69c8eb09cbf978bbdaef1ae9537778bcf40c7c67bbfeab0b5753e5538147a4ce +AUX 1.4-0008-CVE-2007-6429-Always-test-for-size-offset-wrapping.patch 1332 RMD160 0dc6a97eb653306d4f454707f274644d8564fbf2 SHA1 295bd873f26d01094b458449a99ffa708b5cc45d SHA256 f6c5949c3843f2cda8eb19ec2cd252ee53a3868ab0bc886272b5e95db81d39c2 +AUX 1.4-0009-Don-t-break-grab-and-focus-state-for-a-window-when-r.patch 1353 RMD160 31bc8d452d1959f80580555489007fcc77d8780b SHA1 1a1c33a8097e301623d6ec7abebb23b3ac87c570 SHA256 2641e629e83cfa536cc7e765fdcc79bae217deddf892349bbde17a4fb6c76059 AUX 1.4-document-new-font-catalogs.patch 4540 RMD160 92e450666e840fefb8604dc664ce0276e01c28d7 SHA1 6bf78fde99494b047658836adfa35b5d75224214 SHA256 8a73f0a01235c6cb1acefa09a726f68089fc10c1d68ffdf2e1b57091caafbbfd AUX 1.4-dont-hang-openoffice.patch 2235 RMD160 cc208574ad07d806f71fc6be79796594601c0894 SHA1 f82487057211b699bdca0874f5ec9bbec9ccdf40 SHA256 bbd05d1ff0e7f97b7ec11c7ebdd32cdcf8984b69d1dc87b46cc66133895e2644 AUX 1.4-fix-dmx-build.patch 509 RMD160 699daf15f9ff4878a1583acaf5bc7c01afb5904c SHA1 0b627c0d98e50f0d29dacc3fa7e8e9d8b1ad3faf SHA256 4a01681656d09780dd15696804ce8210a4a5324bf63c33a7692e8971fbeb1843 @@ -41,6 +46,15 @@ DIST xorg-server-1.3.0.0.tar.bz2 5968263 RMD160 1a4fecd73aed0d5adabe84066c24ce69 DIST xorg-server-1.4.0.90.tar.bz2 6315011 RMD160 181b3c682710265df3c6ed30e164be9290f1f39e SHA1 7c492ac32bd83b521f5c016e4728fccf9cba55db SHA256 b89f2d17be5ba71e3cc25379e18155c55ea36ba94ac1abae953214f13c020ffe EBUILD xorg-server-1.3.0.0-r2.ebuild 17322 RMD160 d54594444e07b2756c5802731f4311425da6b3c0 SHA1 337ed873f75cc3504810144a8bf0bf20bee38879 SHA256 4dbf0c4eadc24eecce16a4e3ab18c9440f1f8fa5d50e03dc1dcd5290f2d29c2a EBUILD xorg-server-1.3.0.0-r4.ebuild 17872 RMD160 caf61a35a2486a3248dab00dc2a928dd2e11e015 SHA1 2552f8fc12bc8b446e65b912dbd86f7cf4019ec5 SHA256 fcf3d38047d812e887769b17ffe7c94035fc6376bc6b307b04190851bb3ed19c +EBUILD xorg-server-1.3.0.0-r5.ebuild 18045 RMD160 1e812baf0dad3c3b25dcf345263f810eeb55cefd SHA1 3ddcd7cdb2171a9a5eebde40550dd78d637daef8 SHA256 7a31b27fb6b4942cc3376b477e9840666df853bee6246d8b4ede6cc7598a9d23 EBUILD xorg-server-1.4.0.90-r2.ebuild 19373 RMD160 32156d552ce1ef0728e8dec432faad78a07bc882 SHA1 a35f3d2d84618ddc300022672068a4de3f9be5b3 SHA256 807bcb8aa7411bf67b2b7eef2635c585e9740ed6bcee292613ad0395a7e5daab -MISC ChangeLog 67526 RMD160 7fe5e6743294a12dde6b1cca03910c9112e87bf5 SHA1 585c3fdfcff097317d1393a69b69257d277a1795 SHA256 3a955662743c2f476349c323490e1d901d1829e446a903d95ed932f730758e73 +EBUILD xorg-server-1.4.0.90-r3.ebuild 19533 RMD160 50d127d94ef5312adc28f76115c3c6f3d2e94edc SHA1 f749fc9a13835237bf34b68d9357d4f886072459 SHA256 ed4ff127608f4d673b97f515b94490c3f4e087c2c47d14f120655aabcd974b95 +MISC ChangeLog 68265 RMD160 2f5c87bb88d387e8cbdc3f0b97cdcfe445929557 SHA1 73ad54b12260c630c7003d91cdc655a73a91cf0b SHA256 fa4841bdf1589e7d830c295d699dfa97542e67fb9a486816d38d3ab67c926f36 MISC metadata.xml 156 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 SHA1 6f78f604e3d079d39189b40aaaa1ddb06182ad91 SHA256 5101ab0d4cc8c7125eea733c44e86962769bd77acaf53b69223b9cadcdd29055 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.7 (GNU/Linux) + +iD8DBQFHo5N1XVaO67S1rtsRApAhAKDBj6c61nwrLO0sP4wvUrRnmN1ywgCdH/GD +fERi1nnAA62sJ4jG3neBegU= +=Kciu +-----END PGP SIGNATURE----- -- cgit v1.2.3-65-gdbad