xorg-server 2:1.15.1-0ubuntu2.9 source package in Ubuntu

Changelog

xorg-server (2:1.15.1-0ubuntu2.9) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972
  * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
    - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
      configure.ac, include/dix-config.h.in, include/os.h,
      os/mitauth.c, os/timingsafe_memcmp.c.
    - CVE-2017-2624
  * debian/patches/fix_test_failure.patch: fix ftbfs on armhf due to
    uninitialized values.

 -- Marc Deslauriers <email address hidden>  Thu, 20 Jul 2017 14:44:38 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Trusty
Original maintainer:
Ubuntu X-SWAT
Architectures:
any all
Section:
x11
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xorg-server_1.15.1.orig.tar.gz 7.3 MiB 0c144e98081887c93c066c0bd5725865b014ed1acd6def1319a1e350ced96d76
xorg-server_1.15.1-0ubuntu2.9.diff.gz 213.3 KiB 7b8a70ccc66b4c6f1955f20fe904d5777656d35014f065bc0c7575b8d586896c
xorg-server_1.15.1-0ubuntu2.9.dsc 4.4 KiB 8bbbedc6f6dd4eaa3a7e8b6820613b51be46955097ada5f4a67d474f78f53fca

View changes file

Binary packages built by this source

xdmx: distributed multihead X server

 Xdmx is a proxy X server that uses one or more other X servers as its
 display device(s). It provides multi-head X functionality for displays that
 might be located on different machines. Xdmx functions as a front-end X server
 that acts as a proxy to a set of back-end X servers. All of the visible
 rendering is passed to the back-end X servers. Clients connect to the Xdmx
 front-end, and everything appears as it would in a regular multi-head
 configuration. If Xinerama is enabled (e.g., with +xinerama on the command
 line), the clients see a single large screen.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-dbgsym: debug symbols for package xdmx

 Xdmx is a proxy X server that uses one or more other X servers as its
 display device(s). It provides multi-head X functionality for displays that
 might be located on different machines. Xdmx functions as a front-end X server
 that acts as a proxy to a set of back-end X servers. All of the visible
 rendering is passed to the back-end X servers. Clients connect to the Xdmx
 front-end, and everything appears as it would in a regular multi-head
 configuration. If Xinerama is enabled (e.g., with +xinerama on the command
 line), the clients see a single large screen.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-tools: Distributed Multihead X tools

 This package provides a collection of tools used for administration of
 the Xdmx server; see the xdmx package for more information.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-tools-dbgsym: debug symbols for package xdmx-tools

 This package provides a collection of tools used for administration of
 the Xdmx server; see the xdmx package for more information.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xnest: Nested X server

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xnest-dbgsym: debug symbols for package xnest

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xorg-server-source: Xorg X server - source files

 This package provides original Debian (with Debian patches already
 applied, and autotools files updated) sources for the X.Org ('Xorg')
 X server shipped in a tarball. This enables other projects re-using
 X server codebase (e.g. VNC servers) to (re-)use officially
 Debian-supported version of the X xserver for their builds.
 .
 Unless you are building a software product using X server sources,
 you probably want xserver-xorg and/or xserver-xorg-core instead.

xserver-common: common files used by various X servers

 This package provides files necessary for all X.Org based X servers.

xserver-xephyr: nested X server

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xephyr-dbgsym: debug symbols for package xserver-xephyr

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core: Xorg X server - core server

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-dbg: Xorg - the X.Org X server (debugging symbols)

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 This package provides debugging symbols for the Xorg X server and associated
 modules.

xserver-xorg-core-dbgsym: debug symbols for package xserver-xorg-core

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-udeb: Xorg X server - core server

 This is a udeb, or a microdeb, for the debian-installer.

xserver-xorg-core-udeb-dbgsym: debug symbols for package xserver-xorg-core-udeb

 This is a udeb, or a microdeb, for the debian-installer.

xserver-xorg-dev: Xorg X server - development files

 This package provides development files for the X.Org ('Xorg') X server.
 This is not quite the same as the DDK (Driver Development Kit) from the
 XFree86 4.x and X.Org 6.7, 6.8 and 6.9 series of servers; it provides
 headers and a pkg-config file for drivers using autotools to build
 against.
 .
 Unless you are developing or building a driver, you probably want
 xserver-xorg and/or xserver-xorg-core instead.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-dev-dbgsym: debug symbols for package xserver-xorg-dev

 This package provides development files for the X.Org ('Xorg') X server.
 This is not quite the same as the DDK (Driver Development Kit) from the
 XFree86 4.x and X.Org 6.7, 6.8 and 6.9 series of servers; it provides
 headers and a pkg-config file for drivers using autotools to build
 against.
 .
 Unless you are developing or building a driver, you probably want
 xserver-xorg and/or xserver-xorg-core instead.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-xmir: Xorg - the X.Org X server (module for running nested in Mir)

 xserver-xorg-xmir provides an extension module to support running an
 Xorg as a client of an existing Mir compositor.

xserver-xorg-xmir-dbgsym: debug symbols for package xserver-xorg-xmir

 xserver-xorg-xmir provides an extension module to support running an
 Xorg as a client of an existing Mir compositor.

xvfb: Virtual Framebuffer 'fake' X server

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xvfb-dbgsym: debug symbols for package xvfb

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.