On 04/22/2013 11:53 AM, Kraus, Dave (GE Healthcare) wrote: > > We are in the midst of doing an updated 6.3 spin for our customers, and the > bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the > ABI change on the driver side is causing heartburn for some. > > We've been going around and around about whether to do this inclusion, and > I'm just realizing that I can't find either the errata announcement or any > documentation from anyone on fixed CVEs driving inclusion in the > updates/security repo. > > Am I blind? Would appreciate a pointer or rationale about how this got into > security, rather than fastbugs. > > I know I'm missing something... > > Thanks. > I believe you are hunting the announcement from March 14 2013 on Core X11 clients. The full X stack got updated as part of an attempt to avoid a repeat of what happened July 2012. In July 2012 there as an X.org security update which caused some compatibility problems. There is a good summary in the archives (July 16th I believe). As part of our attempt to avoid a repeat and help keep things safe. I sent an email to Scientific Linux Users on March 4th 2013 explaining a bit more on that front. These were a bit buried under a few others, I'm not shocked you had a hard time finding them. Pat -- Pat Riehecky Scientific Linux developer http://www.scientificlinux.org/