On Wed, 28 Sep 2005, jayjwa wrote:
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
> CAN-2005-2495:
> This issue seems to affect both XFree86 and X.Org versions of X. Many Linux
> distros have now begun to patch. Debian's advisory is really
> unclear, as they seem to imply that only versions *before* XFree86 4.30
> are affected. Checking out some of the links and advisories from the
> other distros, I find this Slackware one, which implies current X.Org
> is affected:
> [...]
> So are XFree86's version 4.5.0 binaries off their web/ftp servers affected
> or not? It would appear that before 4.3.0 of XFree86 only is, but then
> why would Slackware Linux and Mandrake be going so far as to replace
> current X.Org stuff?

Any X server based on what used to be called the Sample Implementation is
affected. That includes all releases of XFree86 and X.Org.

> Only one problem, there doesn't seem to BE a security upgrade for XFree86.

There is a source patch available on our ftp server. It merely has yet to be
announced.

> In summary, can users expect fixed binary releases, or perhaps they already
> are patched (no info about this on the XFree86 website)? If it IS just the
> Xserver itself, (that is, the XFree86/X binary) I can probably rob a patched
> one from some distro's "package". What are other users doing about this?

We currently have no plans to provide updated binaries, nor to back-port our
fix to prior releases as others have done. We are about to embark onto a new
release cycle anyway.
Marc.
+----------------------------------+-----------------------------------+
| Marc Aurele La France | work: 1-780-492-9310 |
| Academic Information and | fax: 1-780-492-1729 |
| Communications Technologies | email: tsi@xxxxxxxxxxx |
| 352 General Services Building +-----------------------------------+
| University of Alberta | |
| Edmonton, Alberta | Standard disclaimers apply |
| T6G 2H1 | |
| CANADA | |
+----------------------------------+-----------------------------------+
XFree86 developer and VP. ATI driver and X server internals.
_______________________________________________
XFree86 mailing list
XFree86@xxxxxxxxxxx
http://XFree86.Org/mailman/listinfo/xfree86