Fix for CVE-2007-3069
Kristian Høgsberg
krh at bitplanet.net
Mon Jan 21 13:30:29 PST 2008
Hi all,
I should have put this in the commit message, but it's a little late
for that. I recently committed this:
http://cgit.freedesktop.org/xorg/xserver/commit/?id=a6a7fadbb03ee99312dfb15ac478ab3c414c1c0b
which is actually a fix for CVE-2007-3069:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3920
which, despite the synopsis, isn't Ubuntu specific. The problem is
that unredirecting windows will break any grabs on them. Compiz does
this for fullscreen windows, which compromises the security of most
screensavers. The fix suppresses this unintended side effect of
breaking, and eliminates the need for any client-side workarounds.
cheers,
Kristian