=== jono is now known as Guest6286
[21:15] <darthduck> hi all
[21:17] <darthduck> I'm trying to get the "tip" of precise's xorg-server package.  I did a 'git clone git://anonscm.debian.org/pkg-xorg/xserver/xorg-server.git' followed by 'git checkout -b ubuntu remotes/origin/ubuntu-precise'
[21:18] <darthduck> but I don't see the latest CVE patches, namely CVE-2013-1940.patch and CVE-2013-4396.patch
[21:18] <ubottu> X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940)
[21:18] <ubottu> Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396)
[21:19] <darthduck> Am I cloning the right repo?  Am I on the wrong branch?  Any help is greatly appreciated.
[21:23] <tjaalton> darthduck: those are not in git (yet)
[21:58] <darthduck> tjaalton: thanks.  I'll copy them into my local git tree for the time being from my 'apt-get source' directory.
[21:59] <darthduck> It appears 190_cache-xkbcomp_output_for_fast_start_up.patch has differences as well.