[X2Go-Dev] Status of fixing CVE-2015-0255 (2015-02-10)
Michael DePaulo
mikedep333 at gmail.com
Mon Feb 16 14:14:28 CET 2015
I am looking into fixing the recently announced X.org vulnerability
(CVE-2015-0255) in nx-libs.
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
It looks like nx-libs is affected.
It also looks like some distros (Fedora, Debian) have fixed it, while
others (RHEL 5, 6 and 7, Debian LTS) have not.
It also looks like the X.org 1.16.x commits are easier to apply to
nx-libs than the X.org 1.17.x commits are. The 1.17.x commits are
linked to on that advisory page.
The X.org 1.16.x commits are here:
the branch:
http://cgit.freedesktop.org/xorg/xserver/log/?h=server-1.16-branch
the prereq:
http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.16-branch&id=747cea16c4de1f48e838e1388301a2e24a3da6c4
the fix itself:
http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.16-branch&id=8f61533b16635a0a13f4048235246edb138fa40b
-Mike#2
More information about the x2go-dev
mailing list