Revisions of xorg-x11-server
Stefan Lijewski (lijews)
accepted
request 174636
from
Stefan Lijewski (lijews)
(revision 5)
- U_xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch * So when we VT switch back and attempt to flush the input devices, we don't succeed because evdev won't return part of an event, since we were only asking for 4 bytes, we'd only get -EINVAL back. This could later cause events to be flushed that we shouldn't have gotten. This is a fix for CVE-2013-1940. (bnc#814653)
Stefan Lijewski (lijews)
committed
(revision 4)
Stefan Lijewski (lijews)
committed
(revision 3)
removed _link
Stefan Lijewski (lijews)
accepted
request 89751
from
Michal Kubeček (mkubecek)
(revision 2)
Fixes for two vulnerabilities in X server announced in http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html CVE-2011-4028: File disclosure vulnerability: It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file. CVE-2011-4029: File permission change vulnerability: It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes. Removed unused patches 165-167 to make "osc commit" stop complaining.
unknown
committed
(revision 1)
Displaying all 5 revisions