lp:ubuntu/feisty-security/xorg-server

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-security/xorg-server
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

49. By Bryce Harrington

* Fix multiple security issues:
  + CVE-2008-2360 - RENDER Extension heap buffer overflow
  + CVE-2008-2361 - RENDER Extension crash
  + CVE-2008-2362 - RENDER Extension memory corruption
  + CVE-2008-1379 - MIT-SHM arbitrary memory read
  + CVE-2008-1377 - RECORD and Security extensions memory corruption

48. By Kees Cook

* SECURITY UPDATE: multiple memory corruption flaws.
* Re-applied security patches from 2:1.2.0-3ubuntu8.1.
* Updated fix_CVE-2007-6429.patch: upstream fixes for bpp < 8
  crash regressions.
* References
  http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e9fa7c1c88a8130a48f772c92b186b8b777986b5

47. By Martin Pitt

Revert previous security patch since it causes regressions.
(LP: #183969)

46. By Kees Cook

* SECURITY UPDATE: multiple memory corruption flaws.
* Added fix_CVE-2007-5958.patch: upstream fix from Matthieu Herrb.
* Added fix_CVE-2007-5760.patch: backported upstream fixes
  (bbde5b62a137ba726a747b838d81e92d72c1b42b) for XFree86 Misc extension out
  of bounds array index.
* Added fix_CVE-2007-6427.patch: backported upstream fixes
  (dd5e0f5cd5f3a87fee86d99c073ffa7cf89b0a27) for Xinput extension memory
  corruption.
* Added fix_CVE-2007-6428.patch: backported upstream fixes
  (7dc1717ff0f96b99271a912b8948dfce5164d5ad) for TOG-cup extension memory
  corruption.
* Added fix_CVE-2007-6429.patch: backported upstream fixes
  (6de61f82728df22ea01f9659df6581b87f33f11d) for MIT-SHM and EVI extensions
  integer overflows.
* Added fix_CVE-2008-0006.patch: backported upstream fixes
  (8e133d96740d010a4fd969a8188e6e71fb2cafe2) for PCF Font parser buffer
  overflow.

45. By Kees Cook

* SECURITY UPDATE: arbitrary code execution with root privs via integer
  overflows in MISC-XC.
* Add debian/patches/131_misc_xc_overflows.patch: upstream fixes.
* References
  CVE-2007-1003

44. By Timo Aaltonen

* debian/patches/120_fedora_disable_offscreen_pixmaps.patch
  - update to the latest version from Fedora (rev. 1.6, was 1.1)

43. By Timo Aaltonen

* debian/{rules,xsfbs/xsfbs.mk,serverminver,inputabiver}
  - Import changes from current debian package, needed for the new intel
    driver.
  - Rename serverabiver to videoabiver, value 1.0.
  - Set serverminver as this version.
* debian/patches:
  129_remove_extra_i2c_bittimeout.patch
  130_slow_down_ddc_i2c.patch
  - Patches from server-1.3 branch, which make probing the monitor more
    robust.

42. By Timo Aaltonen

* debian/patches/120_fedora_disable_offscreen_pixmaps.diff
  - Re-enable. Despite being a hack, it works and is needed for compositing
    managers to work properly. (LP: #89189)

41. By Timo Aaltonen

* debian/patches/107_fedora_dont_backfill_bg_none.patch:
  - Re-enable to see if it helps with performance regressions.
* debian/patches/127_check_for_clientgone.patch:
  - A fix from upstream. (LP: #60288)
* debian/patches/128_fix_client_privates_leak.patch
  - Plug a memory leak. (LP: #92882)
* debian/rules
  - Fix a typo in --with-default-font-path.

40. By Timo Aaltonen

* debian/patches:
  - Rename 019_ubuntu_enable_composite.diff to 119_* so that it is in line
    with the rest of our patches
  - Re-add 126_debian_always_use_default_font_path.diff. This was dropped
    by Debian but needed by us since we still have legacy fontpaths in
    old configurations, so new paths need to be appended to the list.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/xorg-server
This branch contains Public information 
Everyone can see this information.