On 04/22/2013 11:53 AM, Kraus, Dave (GE Healthcare) wrote:
>
> We are in the midst of doing an updated 6.3 spin for our customers, and the 
> bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the 
> ABI change on the driver side is causing heartburn for some.
>
> We've been going around and around about whether to do this inclusion, and 
> I'm just realizing that I can't find either the errata announcement or any 
> documentation from anyone on fixed CVEs driving inclusion in the 
> updates/security repo.
>
> Am I blind? Would appreciate a pointer or rationale about how this got into 
> security, rather than fastbugs.
>
> I know I'm missing something...
>
> Thanks.
>

I believe you are hunting the announcement from March 14 2013 on Core X11 clients.

The full X stack got updated as part of an attempt to avoid a repeat of what 
happened July 2012.  In July 2012 there as an X.org security update which 
caused some compatibility problems.  There is a good summary in the archives 
(July 16th I believe).

As part of our attempt to avoid a repeat and help keep things safe.

I sent an email to Scientific Linux Users on March 4th 2013 explaining a bit 
more on that front.

These were a bit buried under a few others, I'm not shocked you had a hard 
time finding them.

Pat

-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/