From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/8] Xorg security updates for the master branch Date: Wed, 5 Oct 2016 17:38:12 -0400 Message-ID: <20161005213812.GA13858@jasmine> References: <87shsa5wdb.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40868) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1brttY-0004pU-Jq for guix-devel@gnu.org; Wed, 05 Oct 2016 17:38:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1brttT-00047Z-88 for guix-devel@gnu.org; Wed, 05 Oct 2016 17:38:32 -0400 Content-Disposition: inline In-Reply-To: <87shsa5wdb.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote: > Leo Famulari skribis: > > > There is an Xorg security advisory: > > https://lists.freedesktop.org/archives/xorg/2016-October/058344.html > > > > This patch series applies the patches recommended by upstream using > > grafts. > > > > Leo Famulari (8): > > gnu: libx11: Fix CVE-2016-{7942,7943}. > > gnu: libxfixes: Fix CVE-2016-7944. > > gnu: libxi: Fix CVE-2016-{7945,7946}. > > gnu: libxrandr: Fix CVE-2016-{7947,7948}. > > gnu: libxrender: Fix CVE-2016-{7949,7950}. > > gnu: libxtst: Fix CVE-2016-{7951,7952}. > > gnu: libxv: Fix CVE-2016-5407. > > gnu: libxvmc: Fix CVE-2016-7953. > > This all LGTM. > > I tested by (1) building and a running a couple of grafted X clients > talking to my (ungrafted) X server, and (2) building my laptop’s config > with ‘guix system vm’ and checking that both the X server and typical X > clients functioned. Thank you for testing! > So I think this can go in on master. Pushed! > (On core-updates it’s probably best to upgrade these libraries instead > of patching them, as you wrote on IRC.) I'll send those in a couple hours.