[oi-dev] Security patch for Xorg 19.x

[Udo Grabowski (IMK)]

On 30/10/2018 11:25, Peter Tribble wrote:
>
>
> On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <udo.grabowski at kit.edu
> <mailto:udo.grabowski at kit.edu>> wrote:
>
>     This Xorg patch should be immediately merged in Hipster:
>
>
> It was merged and updated packages published last Thursday, by the looks of it:
>
> commit b694face8cd955399d90fae658d6a01fb1fa9c5b
> Author: Aurelien Larcher <aurelien.larcher at gmail.com
> <mailto:aurelien.larcher at gmail.com>>
> Date:   Thu Oct 25 19:31:53 2018 +0200
>
>     xorg-server: CVE-2018-14665
>
>
>
>     <https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e>
>
>     That check had been part of older Xorgs ,e.g., on oi_151a9.
>
>     See the really nasty CVE-2018-14665:
>     <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665>
>     --
> ...
> --
> -Peter Tribble
> http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/

Indeed, didn't find x11 because I was on the wrong branch
<https://github.com/OpenIndiana/oi-userland/tree/upstream/components>
instead of
<https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components>

Security bugs like that completely destroy my approach of jumping
from one 'stable' release to the next, so the only secure way is indeed
a rolling release if you don't have enough manpower to maintain a
cherry-picking 'stable' major-bugfix-only branch.
-- 
Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
http://www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology           http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5227 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20181030/678596e6/attachment-0005.bin>