[X2Go-Dev] Status of fixing CVE-2015-0255 (2015-02-10)
Mihai Moldovan
ionic at ionic.de
Tue Feb 17 18:48:26 CET 2015
On 17.02.2015 02:39 PM, Michael DePaulo wrote:
> On Mon, Feb 16, 2015 at 8:14 AM, Michael DePaulo <mikedep333 at gmail.com> wrote:
>> I am looking into fixing the recently announced X.org vulnerability
>> (CVE-2015-0255) in nx-libs.
>> http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
>>
>> It looks like nx-libs is affected.
>>
>> It also looks like some distros (Fedora, Debian) have fixed it, while
>> others (RHEL 5, 6 and 7, Debian LTS) have not.
>>
>> It also looks like the X.org 1.16.x commits are easier to apply to
>> nx-libs than the X.org 1.17.x commits are. The 1.17.x commits are
>> linked to on that advisory page.
>>
>> The X.org 1.16.x commits are here:
>> the branch:
>> http://cgit.freedesktop.org/xorg/xserver/log/?h=server-1.16-branch
>> the prereq:
>> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.16-branch&id=747cea16c4de1f48e838e1388301a2e24a3da6c4
>> the fix itself:
>> http://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.16-branch&id=8f61533b16635a0a13f4048235246edb138fa40b
>>
>> -Mike#2
> Status Update:
>
> I managed to backport the prereq commit to nx-libs 3.6.x.
> http://code.x2go.org/gitweb?p=nx-libs.git;a=commit;h=a1cd16d6d05b197fff110d26b458d8bd6cf3c560
LGTM, thanks!
Mihai
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150217/6335a3e7/attachment.pgp>
More information about the x2go-dev
mailing list