Subject: | |
From: | |
Reply To: | |
Date: | Mon, 22 Apr 2013 12:03:57 -0500 |
Content-Type: | multipart/alternative |
Parts/Attachments: |
|
|
On 04/22/2013 11:53 AM, Kraus, Dave (GE Healthcare) wrote:
>
> We are in the midst of doing an updated 6.3 spin for our customers, and the
> bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the
> ABI change on the driver side is causing heartburn for some.
>
> We've been going around and around about whether to do this inclusion, and
> I'm just realizing that I can't find either the errata announcement or any
> documentation from anyone on fixed CVEs driving inclusion in the
> updates/security repo.
>
> Am I blind? Would appreciate a pointer or rationale about how this got into
> security, rather than fastbugs.
>
> I know I'm missing something...
>
> Thanks.
>
I believe you are hunting the announcement from March 14 2013 on Core X11 clients.
The full X stack got updated as part of an attempt to avoid a repeat of what
happened July 2012. In July 2012 there as an X.org security update which
caused some compatibility problems. There is a good summary in the archives
(July 16th I believe).
As part of our attempt to avoid a repeat and help keep things safe.
I sent an email to Scientific Linux Users on March 4th 2013 explaining a bit
more on that front.
These were a bit buried under a few others, I'm not shocked you had a hard
time finding them.
Pat
--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/
|
|
|