On Wed, May 31, 2023 at 09:28:02AM +0300, Timo Aaltonen wrote:
> Moritz Muehlenhoff kirjoitti 3.5.2023 klo 20.44:
> > Source: libdmx
> > Version: 1:1.1.4-2
> > Severity: serious
> >
> > The Xorg folks mentioned at
> > https://www.openwall.com/lists/oss-se
Source: libdmx
Version: 1:1.1.4-2
Severity: serious
The Xorg folks mentioned at
https://www.openwall.com/lists/oss-security/2023/05/02/3:
| We have also announced that we plan to retire the following packages soon
| and while their gitlab repos are not yet archived, we expect they will be
|
On Wed, Dec 02, 2020 at 11:49:24AM +0100, Julien Cristau wrote:
> Hi,
>
> On Tue, Dec 01, 2020 at 05:58:56PM +0100, Salvatore Bonaccorso wrote:
> > The following vulnerabilities were published for xorg-server.
> >
> > CVE-2020-25712[0]:
> > | Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap
Package: renderdoc
Severity: important
renderdoc/3rdparty/stb contains stb_image.h, stb_image_resize.h,
stb_image_write.h,
stb_impl.c, stb_truetype.h
These are also available in src:libstb, so please consider linking against the
in-archive copy.
Cheers,
Moritz
On Mon, Aug 27, 2018 at 05:40:01PM +0800, Bjoern wrote:
> -- Begin Quote: --
> From: Chris Lamb
> To: 906...@bugs.debian.org
> Cc: t...@security.debian.org
> Subject: Re: libxcursor: CVE-2015-9262
> Date: Mon, 13 Aug 2018 08:18:27 +0100
>
> [Message part 1 (text/plain,
Source: libxkbcommon
Severity: important
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
On Mon, Aug 13, 2018 at 08:18:27AM +0100, Chris Lamb wrote:
> Hi security team,
>
> > libxcursor: CVE-2015-9262
>
> I have prepared an update for stretch:
>
> libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high
>
>* Non-maintainer upload by the Security Team.
>* Fix a
On Wed, May 10, 2017 at 01:40:42PM +0200, Michael Biebl wrote:
> Am 10.05.2017 um 07:32 schrieb Moritz Muehlenhoff:
> > On Tue, May 02, 2017 at 07:39:37PM +0200, Michael Biebl wrote:
> >> Same is true for users of startx. They need the suid wrapper provided by
> &
On Tue, May 02, 2017 at 07:39:37PM +0200, Michael Biebl wrote:
> Same is true for users of startx. They need the suid wrapper provided by
> xserver-xorg-legacy in such a case.
That's not true. I use the text mode console nearly all the time and only
start X as needed via startx, that works fine
On Mon, Jan 30, 2017 at 02:36:11PM +, Gianfranco Costamagna wrote:
> fully agree, but I'm not in the position to revert this change
> >Why can't the Security Team treat VirtualBox like how it's been
> >treating WebKit1? Still have it in the archives but with a prominent
> >notice that Debian
Package: xbase-clients
Severity: normal
xfs has been removed from Debian. x11-xfs-utils is now only required
for corner cases, so please lower the Depends: to Suggests:
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Package: libxp
Severity: important
If libxp should not be removed in jessie, we could enable hardened
build flags, patch attached.
Cheers,
Moritz
diff -aur libxp-1.0.2.orig/debian/rules libxp-1.0.2/debian/rules
--- libxp-1.0.2.orig/debian/rules 2014-01-08 19:40:49.0 +0100
+++
Package: xserver-xorg-video-openchrome
Version: 1:0.3.3-1
Severity: important
Tags: patch
Please enable hardened build flags. Patch attached.
Cheers,
Moritz
diff -aur xserver-xorg-video-openchrome-0.3.3.orig/debian/rules xserver-xorg-video-openchrome-0.3.3/debian/rules
---
Package: mesa
Severity: grave
Tags: security
Justification: user security hole
This issue affects mesa:
http://googlechromereleases.blogspot.de/2012/11/stable-update-for-chrome-os_30.html
Proposed patch:
http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg29015.html
I don't see the
Package: mesa
Severity: grave
Tags: security
Justification: user security hole
Unfortunately this report is a bit vague:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
The Google Code Bug is closed, but the following fix was identified
in the Red Hat Bugzilla:
On Thu, Aug 23, 2012 at 09:48:41AM +0200, Moritz Muehlenhoff wrote:
Package: mesa
Severity: grave
Tags: security
Justification: user security hole
Unfortunately this report is a bit vague:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864
The Google Code Bug is closed
Package: xorg-server
Severity: important
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2118 for more
details and links to upstream patches.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of unsubscribe.
Package: x11-xserver-utils
Version: 7.6+3
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides noopt from DEB_BUILD_OPTIONS)
Cheers,
Moritz
diff -aur x11-xserver-utils-7.6+3.orig/debian/rules
Source: libxfont
Severity: important
Tags: patch
Please enabled hardened build flags through dpkg-buildflags.
Patch attached. (dpkg-buildflags abides noopt from DEB_BUILD_OPTIONS)
Cheers,
Moritz
diff -aur libxfont-1.4.4.orig/debian/rules libxfont-1.4.4/debian/rules
---
Package: xterm
Version: 276-1
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached.
Cheers,
Moritz
diff -aur xterm-276.orig/debian/rules xterm-276/debian/rules
--- xterm-276.orig/debian/rules 2011-12-28 21:50:05.0 +0100
+++
On Sun, May 24, 2009 at 02:49:25PM -0700, David Miller wrote:
From: Julien Cristau jcris...@debian.org
Date: Sun, 24 May 2009 15:52:20 +0200
I plan to revert it for lenny r2, and if time permits I'll try to
make the xserver-xorg package generate an xorg.conf with Driver set
to fbdev
On Tue, Mar 24, 2009 at 02:50:25PM -0700, Kees Cook wrote:
Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu jaunty
Hello,
There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an
Brice Goglin wrote:
the debian/copyright of xserver-xorg-video-intel is so outdated it has
little to do with the rest of the package when it comes to who owns
which copyrights.
It would be good to go over the source and extract the relevant
copyright notices. Note that per-file
Thomas Viehmann wrote:
the debian/copyright of xserver-xorg-video-intel is so outdated it has
little to do with the rest of the package when it comes to who owns
which copyrights.
It would be good to go over the source and extract the relevant
copyright notices. Note that per-file
On Wed, Nov 14, 2007 at 11:02:28PM -0500, David Nusinow wrote:
On Sun, Nov 04, 2007 at 07:03:39PM +0100, Moritz Muehlenhoff wrote:
David Nusinow wrote:
I've tested the auto detection code David asked for and ran into
a bug: When I start X.org with the auto-generated config (I use startx
David Nusinow wrote:
I've tested the auto detection code David asked for and ran into
a bug: When I start X.org with the auto-generated config (I use startx,
since I work on framebuffer console most of the time, on my notebook
X11 is really just a slim layer beyond MPlayer) the screen
Package: xserver-xorg
Version: 1:7.3+3
Severity: important
I've tested the auto detection code David asked for and ran into
a bug: When I start X.org with the auto-generated config (I use startx,
since I work on framebuffer console most of the time, on my notebook
X11 is really just a slim layer
@lists.debian.org
Changed-By: Moritz Muehlenhoff [EMAIL PROTECTED]
Description:
lbxproxy - Low Bandwidth X (LBX) proxy server
libdps-dev - Display PostScript (DPS) client library development files
libdps1- Display PostScript (DPS) client library
libdps1-dbg - Display PostScript (DPS) client
Since upgrading to modular x.org icewm isn't loaded after startx
any more. As twm still works fine, I suspect that windows managers
somehow need to be adapted to the new directory layout?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
In gmane.linux.debian.devel.x, you wrote:
Another fun item of note is that Steve Langasek just gave me permission
announce the death of xlibs-dev. They didn't want this earlier because of
all the transitions going on, but now things are clear to let maintainers
start fixing their bugs. I'll
In gmane.linux.debian.devel.x, you wrote:
Some time ago I wrote a script that searches for the #includes of the
splitted xlibs and presents the maintainer a list of the new packages
to build-depend on. It was made against xfree 4.3, if you think it might
be useful I can update it for x.org.
In gmane.linux.debian.devel.x, Daniel Stone wrote:
AFAIK, ATI Radeon 9200 hardware specs are not completely published.
At least there are people who complain for lack of documentation.
Interesting; the only things missing to my knowledge are HyperZ and
Macrovision (which can be found with a
Package: xbase-clients
Version: 4.3.0.dfsg.1-8
Severity: minor
xbase-clients already has dependencies on the splitted xlibs, but additionally
it has a hard coded xlibs dependency as well, which should not be necessary as
all single libs depend on (foo | xlibs).
Is this intentional? If not, please
Moritz Muehlenhoff wrote:
Branden Robinson wrote:
Please report success or failure to this discussion thread.
I wanted to try it with my SIS630, but the build failed after
several hours:
With the updated MANIFESTs everything compiled fine as expected.
SIS630 support is as flawless as it has
Enrico Zini wrote:
I don't know if it's intentional or not, but the driver for SIS chipsets
is not included in the package, although it seems to exist upstream.
It certainly is, I'm using it on my notebook. It's called sis_drv.o, though:
/usr/X11/lib/modules/drivers/sis_drv.o (from
Ivan Kanis wrote:
When running amoeba from the contrib I get a segfault. Running under gdb
I get the following information:
0x4099a5ce in __driRegisterExtensions ()
from /usr/X11R6/lib/modules/dri/r200_dri.so
I think that's about all the relevant details. I haven't filed this bug
against
[This message has also been posted to gmane.linux.debian.devel.x.]
Ivan Kanis wrote:
When running amoeba from the contrib I get a segfault. Running under gdb
I get the following information:
0x4099a5ce in __driRegisterExtensions ()
from /usr/X11R6/lib/modules/dri/r200_dri.so
I think
Moritz Muehlenhoff wrote:
should depend on. It's available at
http://www.informatik.uni-bremen.de/~jmm/xlibs-split-check-20040330.tar.gz
http://www.informatik.uni-bremen.de/~jmm/xlibs-split-check-20040331.tar.gz
fixes two bugs.
Cheers,
Moritz
Hi,
IMO the xlibs split from the monolithic monster package is one of the
biggest benefits of the new 4.3.0 packaging. Some maintainers of packages
that depend on xlibs seem to have problems to figure out the new libs
they should depend on. In order to speed that up I decided to write a
script
Christian Guggenberger wrote:
Just for your info - starting with 4.3.0, the i810 driver supports the i865G
as well.
See, if things work better with the i810 instead of vesa driver.
This probably fixes #158900 as well.
Sebastian [EMAIL PROTECTED] wrote:
After dist-upgrading a Debian/sid three weeks ago, on a IBM Thinkpad R40,
the '' key stopped working, as if it is a dead key. All other keys,
including my German umlaut setup work. Also, on the console, the '' key
continues to work. Besides Eterm I also
Clint Adams wrote:
Are you using the Permedia framebuffer driver on console?
There appear to be some deficiencies in XFree86's PM2V driver for the
Raptor GFX 8P, which change if you initialize the card with the Linux
2.4 fb driver (which itself has deficiencies for this card).
There's a port
Merwan wrote:
After a dist-upgrade under sid which resulted into an upgrade of xfree
to 4.3, the display brightness is very high and it's difficult to see
anything. There were no problems with the last version of xfree (4.2.?)
My video card is an AIW Radeon 7500.
Does your card have an
[Forwarding my post to debian-x@ into the bug tracking system]
From: Moritz Muehlenhoff [EMAIL PROTECTED]
Newsgroups: gmane.linux.debian.devel.x
Subject: Re: Bug#234025: xserver-xfree86: ati/radeon : dist-upgrade to xfree
4.3, display almost unreadable
Merwan wrote:
After a dist-upgrade under
First of all thanks for the 4.3.0 packages, my new Radeon 9200 ran out
of the box with completely libre 3D support (expect that I had to down-
grade xlibmesa-dri, which has already been reported several times).
Great work!
Are you planning to integrate a more recent DRI version into the 4.3.0
Hi,
the update from 4.2.1-6 towards 4.3.0-pre1v1 was pretty smooth,
everything works as expected. I never really used 3D with my
Radeon 7500 QW (64 MB SDRAM) before, but I thought I'd give it
a try with 4.3.0. With the included drm-src package recompiled
for 2.4.21-bk30 (comparable to -rc1) and
Sven Luther wrote:
Is this a bug in the debian-package? Judging from the XFree86.log.0
my system seems properly configured, but I'm in no way an X11 expert.
What is the output of glxinfo ?
Here we go.
Cheers,
Moritz
$ glxinfo -v
name of display: :0.0
display: :0 screen: 0
direct
Sven Luther wrote:
Is this a bug in the debian-package? Judging from the XFree86.log.0
my system seems properly configured, but I'm in no way an X11 expert.
What is the output of glxinfo ?
Here we go.
Cheers,
Moritz
$ glxinfo -v
name of display: :0.0
display: :0 screen: 0
direct
Michel D?nzer wrote:
330 to 440 fps (agp4, enablepageflip) in glxgears (normal size
on a 1024x768 screen on a Athlon 1700+),
I hope you mean the size the window comes up in by 'normal size' ?
Yes, that's what I meant. glxgears runs in 300x300 pixels or something
like that.
Does setting
Hi,
the update from 4.2.1-6 towards 4.3.0-pre1v1 was pretty smooth,
everything works as expected. I never really used 3D with my
Radeon 7500 QW (64 MB SDRAM) before, but I thought I'd give it
a try with 4.3.0. With the included drm-src package recompiled
for 2.4.21-bk30 (comparable to -rc1) and
50 matches
Mail list logo