X11 2.1.3

Released: 2008.01.18

This release contains Xquartz-1.3.0-apple9.

Installation

Download X11-2.1.3.pkg, and open it to install with Leopard's Installer. You will need to have Leopard's X11 package installed. If you uninstalled it or deselected it during your OS install, please install it from the installation DVD.

Important Notices

Security Concerns

This release was made in response to an ​X.org security announcement regarding the following vulnerabilities:

• ​CVE-2007-5760
  • We are not vulnerable to this.
• ​CVE-2007-5958
  • We are not vulnerable to this unless under normal usage, but it is possible to trigger this bug by alternate uses of XQuartz 2.1.2 and earlier.
• ​CVE-2007-6427
  • I do not believe we are vulnerable to this issue, but I have not verified that assumption. The fix is included rather than spending time investigating.
• ​CVE-2007-6428
  • 2.1.2 and earlier are vulnerable to this one.
• ​CVE-2007-6429
  • 2.1.2 and earlier are vulnerable to this one.
• ​CVE-2008-0006
  • 2.1.2 and earlier are vulnerable to this one.

Restart Notice

Because we've changed the way launchd starts the server, you will need to restart your machine after installation.

Changes in 2.1.3

• All changes in 2.1.2 plus:
• lib:
  • ​libXfont git 2008.01.14
    • ​CVE-2008-0006
• server:
  • ​xorg-server-1.3.0-apple9
    • fixed 'login_shell' defaults key usage when launching from the Applications menu.
    • ​CVE-2007-5958
    • ​CVE-2007-6427
    • ​CVE-2007-6428
    • ​CVE-2007-6429
    • ​CVE-2008-0006