cvs commit: ports/x11/linux-XFree86-libs Makefile distinfo.i386
Trevor Johnson
trevor at jpj.net
Sat Mar 6 13:16:55 PST 2004
Dag-Erling [iso-8859-1] Smørgrav wrote:
> Trevor Johnson <trevor at FreeBSD.org> writes:
> > Log:
> > Update to version 4.3.0-2.90.55 due to several security bugs
> > (discovered by iDefense and David Dawes) in the parsing of font
> > files and the font.alias file which can give root privileges to
> > local users. [...]
>
> This is pointless as the bug in question only affects the server.
I hadn't noticed that--when I glanced at
<URL:ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff>, which
addresses these bugs, it looked like the problem was in the X libraries,
not the server.
Anyway, keeping the old PORTVERSION would have been unwieldy: I would
have had to use MASTER_SITE_LOCAL.
--
Trevor Johnson
More information about the cvs-ports
mailing list