[Bug 274266] x11/libX11: update vulnerable port to 1.8.7

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274266

            Bug ID: 274266
           Summary: x11/libX11: update vulnerable port to 1.8.7
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://lists.x.org/archives/xorg/2023-October/061508.
                    html
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: x11@FreeBSD.org
          Reporter: ps.ports@smyrak.com
          Assignee: x11@FreeBSD.org
             Flags: maintainer-feedback?(x11@FreeBSD.org)
                CC:

Created attachment 245436
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=245436&action=edit
patch for x11/libX11

X11 has published a security bulletin [1] that exposes the following CVEs in
our x11/libX11 version 1.8.6:

CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage()
CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap overflow

See changelog for a full list of changes in the release [2].

The attached patch bumps the Makefile, distinfo and updates the pkg-plist
according to man pages reorganization.

See also related report #274265 regarding x11/libXpm.

1. https://lists.x.org/archives/xorg/2023-October/061506.html
2.
https://gitlab.freedesktop.org/xorg/lib/libx11/-/compare/libX11-1.8.6...libX11-1.8.7

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.