Your message dated Thu, 19 Jan 2012 10:19:01 +0000
with message-id <e1rnp5b-0001rv...@franck.debian.org>
and subject line Bug#656410: fixed in xorg-server 2:1.11.3.901-2
has caused the Debian Bug report #656410,
regarding xorg-server: screen lockers bypassed via key combo
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
656410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656410
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: xorg-server
version: 2:1.11.3.901-1
severity: critical
tag: security
A commit introduced in xorg 1.11 seems to have introduced a key
combination capable of killing all screen locker programs, thus
allowing unauthorized local access to a system. See:
http://openwall.com/lists/oss-security/2012/01/19/1
--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.11.3.901-2
We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive:
xdmx-tools_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xdmx-tools_1.11.3.901-2_amd64.deb
xdmx_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xdmx_1.11.3.901-2_amd64.deb
xnest_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xnest_1.11.3.901-2_amd64.deb
xorg-server_1.11.3.901-2.diff.gz
to main/x/xorg-server/xorg-server_1.11.3.901-2.diff.gz
xorg-server_1.11.3.901-2.dsc
to main/x/xorg-server/xorg-server_1.11.3.901-2.dsc
xserver-common_1.11.3.901-2_all.deb
to main/x/xorg-server/xserver-common_1.11.3.901-2_all.deb
xserver-xephyr_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xserver-xephyr_1.11.3.901-2_amd64.deb
xserver-xfbdev_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xserver-xfbdev_1.11.3.901-2_amd64.deb
xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
to main/x/xorg-server/xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
xserver-xorg-core_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xserver-xorg-core_1.11.3.901-2_amd64.deb
xserver-xorg-dev_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xserver-xorg-dev_1.11.3.901-2_amd64.deb
xvfb_1.11.3.901-2_amd64.deb
to main/x/xorg-server/xvfb_1.11.3.901-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 656...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cyril Brulebois <k...@debian.org> (supplier of updated xorg-server package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 19 Jan 2012 10:47:49 +0100
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx
xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg
xserver-common
Architecture: source all amd64
Version: 2:1.11.3.901-2
Distribution: unstable
Urgency: high
Maintainer: Debian X Strike Force <debia...@lists.debian.org>
Changed-By: Cyril Brulebois <k...@debian.org>
Description:
xdmx - distributed multihead X server
xdmx-tools - Distributed Multihead X tools
xnest - Nested X server
xserver-common - common files used by various X servers
xserver-xephyr - nested X server
xserver-xfbdev - Linux framebuffer device tiny X server
xserver-xorg-core - Xorg X server - core server
xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
xserver-xorg-core-udeb - Xorg X server - core server (udeb)
xserver-xorg-dev - Xorg X server - development files
xvfb - Virtual Framebuffer 'fake' X server
Closes: 656410
Changes:
 xorg-server (2:1.11.3.901-2) unstable; urgency=high
 .
   * Revert "XKB: Add debug key actions for grabs & window tree" to stop
     making it possible to bypass X screen locking programs. This is
     CVE-2012-0064 (Closes: #656410).
   * Set urgency to “high” accordingly.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8X6asACgkQeGfVPHR5Nd2fcACgwFutwp9wSK++skquHT27TVQf
PgoAnA2E8or5xOprLDqfDtGOwji2v+Qw
=UWLy
-----END PGP SIGNATURE-----
--- End Message ---