svn commit: r470453 - head/security/vuxml
Niclas Zeising
zeising at FreeBSD.org
Sun May 20 13:14:19 UTC 2018
Author: zeising
Date: Sun May 20 13:14:18 2018
New Revision: 470453
URL: https://svnweb.freebsd.org/changeset/ports/470453
Log:
Update VuXML entry for xorg-server issues
Update VuXML entry for xorg-server issues related to CVE-2017-10971 and
CVE-2017-10972. The version check was wrong, missing the portepoch, which
meant that the entry never matched anything. It was also only added for
xorg-server 1.19, while we have 1.18 in base.
Fix formatting and edit the overly long lines.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun May 20 13:06:51 2018 (r470452)
+++ head/security/vuxml/vuln.xml Sun May 20 13:14:18 2018 (r470453)
@@ -8529,15 +8529,22 @@ Using a handcrafted message, remote code execution see
<affects>
<package>
<name>xorg-server</name>
- <range><le>1.19.3</le></range>
+ <range><le>1.18.4_6,1</le></range>
+ <range><ge>1.19.0,1</ge><le>1.19.3,1</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>xorg-server developers reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/99546">
- <p>In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.</p>
- <p>Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.</p>
+ <p>In the X.Org X server before 2017-06-19, a user authenticated to
+ an X Session could crash or execute code in the context of the X
+ Server by exploiting a stack overflow in the endianness conversion
+ of X Events.</p>
+ <p>Uninitialized data in endianness conversion in the XEvent handling
+ of the X.Org X Server before 2017-06-19 allowed authenticated
+ malicious users to access potentially privileged data from the X
+ server.</p>
</blockquote>
</body>
</description>
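Review bot: The upper bound in the first added range, `<le>1.18.4_6,1</le>`, is pinned to a specific port revision, but neither the entry nor the log says which xorg-server revision carries the fix, so the `_6` cannot be checked from this change. Name the fixed revision in the log, and consider writing the bound as `<lt>` of that first fixed version so the entry states the fix point directly. Since the description is being reflowed anyway, the unchanged line `<p>xorg-server developers reports:</p>` could be corrected to "report"; its attribution also does not match the `cite` attribute on the blockquote, which points at securityfocus.com.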
@@ -8556,6 +8563,7 @@ Using a handcrafted message, remote code execution see
<dates>
<discovery>2017-07-06</discovery>
<entry>2017-10-17</entry>
+ <modified>2018-05-20</modified>
</dates>
</vuln>