Hardening consulting

CCC vulnerabilities in Xorg fixed

At the beginning of the year, I talked about some CCC talks that I had liked. One of them was the talk on Xorg security: the fixes have been integrated and the official announcement made.

One may be surprised that it took so long to integrate all these changes. That's a lot of code, but on the other hand the fixes are just corner-case handling... Xorg was written at a time when security was not a concern, which explains vulnerabilities that have been there for more than a decade. But when attending XDC 2014, I had the impression that improvements you can see will make their way into the repositories much more quickly than security concerns.

Also, some projects have copied and pasted parts of the Xorg code, so we can expect to find some of these vulnerabilities in other projects (Qt's QRegion comes to mind, which is an adaptation of the Xorg Xregion, but there are others).