On 04/22/2013 11:53 AM, Kraus, Dave (GE Healthcare) wrote:

We are in the midst of doing an updated 6.3 spin for our customers, and the bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the ABI change on the driver side is causing heartburn for some.

We’ve been going around and around about whether to do this inclusion, and I’m just realizing that I can’t find either the errata announcement or any documentation from anyone on fixed CVEs driving inclusion in the updates/security repo.

Am I blind? Would appreciate a pointer or rationale about how this got into security, rather than fastbugs.

I know I’m missing something…

Thanks.


I believe you are hunting the announcement from March 14 2013 on Core X11 clients.

The full X stack got updated as part of an attempt to avoid a repeat of what happened July 2012. In July 2012 there was an X.org security update which caused some compatibility problems. There is a good summary in the archives (July 16th I believe).

As part of our attempt to avoid a repeat and help keep things safe.

I sent an email to Scientific Linux Users on March 4th 2013 explaining a bit more on that front.

These were a bit buried under a few others, I'm not shocked you had a hard time finding them.

Pat

-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/