Aha! I did SEE that announcement, but dismissed it as something else, obviously. Teach me to pay attention.

 

And I did vaguely remember seeing discussion regarding this. I just couldn’t remember when or where, either.

 

Thanks Pat!

 

Now we will probably have OTHER arguments over it. <sigh>

 

From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of Pat Riehecky
Sent: Monday, April 22, 2013 12:04 PM
To: Kraus, Dave (GE Healthcare)
Cc: [log in to unmask]
Subject: Re: [SCIENTIFIC-LINUX-DEVEL] xorg-x11-server 1.13 security fix?

 

On 04/22/2013 11:53 AM, Kraus, Dave (GE Healthcare) wrote:

We are in the midst of doing an updated 6.3 spin for our customers, and the bump in xorg-x11-server and associated packages from 1.10 to 1.13 and the ABI change on the driver side is causing heartburn for some.

 

We’ve been going around and around about whether to do this inclusion, and I’m just realizing that I can’t find either the errata announcement or any documentation from anyone on fixed CVEs driving inclusion in the updates/security repo.

 

Am I blind? Would appreciate a pointer or rationale about how this got into security, rather than fastbugs.

 

I know I’m missing something…

 

Thanks.


I believe you are hunting the announcement from March 14 2013 on Core X11 clients.

The full X stack got updated as part of an attempt to avoid a repeat of what happened July 2012.  In July 2012 there was an X.org security update which caused some compatibility problems.  There is a good summary in the archives (July 16th I believe).

As part of our attempt to avoid a repeat and help keep things safe.

I sent an email to Scientific Linux Users on March 4th 2013 explaining a bit more on that front.

These were a bit buried under a few others, I'm not shocked you had a hard time finding them.

Pat


-- 
Pat Riehecky
 
Scientific Linux developer
http://www.scientificlinux.org/