Fix for CVE-2007-3069

Kristian Høgsberg krh at bitplanet.net
Mon Jan 21 13:30:29 PST 2008


Hi all,

I should have put this in the commit message, but it's a little late
for that.  I recently committed this:

http://cgit.freedesktop.org/xorg/xserver/commit/?id=a6a7fadbb03ee99312dfb15ac478ab3c414c1c0b

which is actually a fix for CVE-2007-3069:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3920

which, despite the synopsis, isn't Ubuntu-specific.  The problem is
that unredirecting windows will break any grabs on them.  Compiz does
this for fullscreen windows, which compromises the security of most
screensavers.  The fix suppresses this unintended side effect of
breaking, and eliminates the need for any client-side workarounds.

cheers,
Kristian


