X.org release engineering?

Joerg Sonnenberger joerg at britannica.bec.de
Tue Jun 9 08:41:05 PDT 2009


On Tue, Jun 09, 2009 at 08:13:03AM -0700, Alan Coopersmith wrote:
> Assuming you mean
> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
> the patch is available from git, like all other changes.

See earlier part about following git history :)

> I can't find much discussion in the xorg_security list mail in my inbox
> archives (list archives > obviously aren't public) but it looks like no
> one declared that they believed it was an exploitable security issue,
> just a bug.

I wouldn't care about most off-by-one issues. This one is under full
user control though as xset can be used to make the server process
arbitrary directories (e.g. under /tmp). Anyway, it is an issue of the
past.

Joerg



More information about the xorg mailing list