Package: xorg-server Severity: important
Hi, CVE-2007-2437 came out recently, and its description reads: The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. More information can be found here: http://xforce.iss.net/xforce/xfdb/33976 http://www.rapid7.com/advisories/R7-0027.jsp http://www.securitytracker.com/id?1017984 According to the information referenced there the solution is to "Upgrade to the latest version of X.Org Server (7.2 with Xserver 1.3.1 or later), available from the X.Org Foundation Web site" Please include the CVE reference in any changelogs that reference this issue. Thanks! Micah -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-vserver-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]