On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote: > Leo Famulari <l...@famulari.name> skribis: > > > There is an Xorg security advisory: > > https://lists.freedesktop.org/archives/xorg/2016-October/058344.html > > > > This patch series applies the patches recommended by upstream using > > grafts. > > > > Leo Famulari (8): > > gnu: libx11: Fix CVE-2016-{7942,7943}. > > gnu: libxfixes: Fix CVE-2016-7944. > > gnu: libxi: Fix CVE-2016-{7945,7946}. > > gnu: libxrandr: Fix CVE-2016-{7947,7948}. > > gnu: libxrender: Fix CVE-2016-{7949,7950}. > > gnu: libxtst: Fix CVE-2016-{7951,7952}. > > gnu: libxv: Fix CVE-2016-5407. > > gnu: libxvmc: Fix CVE-2016-7953. > > This all LGTM. > > I tested by (1) building and a running a couple of grafted X clients > talking to my (ungrafted) X server, and (2) building my laptop’s config > with ‘guix system vm’ and checking that both the X server and typical X > clients functioned.
Thank you for testing! > So I think this can go in on master. Pushed! > (On core-updates it’s probably best to upgrade these libraries instead > of patching them, as you wrote on IRC.) I'll send those in a couple hours.