Bug 7349 - libX11 1.0.2 missing setuid security fix
Summary: libX11 1.0.2 missing setuid security fix
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xlib (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Xorg Project Team
QA Contact:
Keywords: patch
Depends on:
Reported: 2006-06-28 01:14 UTC by Mike A. Harris
Modified: 2006-07-11 09:16 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:

This is the attachment description. (420 bytes, patch)
2006-06-28 01:18 UTC, Mike A. Harris
no flags Details | Splinter Review

Description Mike A. Harris 2006-06-28 01:14:09 UTC
A new release of libX11 version 1.0.2 was just released recently, which
does not contain the security fixes for the recently reported setuid

It appears that many of the packages affected by the setuid bugs have not
had new releases containing these security fixes as well.

A new version of libX11 with the setuid fix should be released.
Comment 1 Mike A. Harris 2006-06-28 01:18:00 UTC
Created attachment 6068 [details] [review]
This is the attachment description.

Patch to fix this issue.
Comment 2 Donnie Berkholz 2006-06-28 01:20:45 UTC
Only 1 of the 2 instances of seteuid() was fixed in the master branch, so the
cherry-pick to stable branch also missed the second instance.
Comment 3 Donnie Berkholz 2006-07-07 16:24:03 UTC
Fixed in head and stable branches, commits
e9614c963b532f46a7932c2305a4b177a996a222 and
Comment 4 Mike A. Harris 2006-07-11 09:16:42 UTC
Confirmed in 1.0.3

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.