Re: Why xorg-server-21.1.22,1 is vulnerable

Reply: Masachika ISHIZUKA : "Re: Why xorg-server-21.1.22,1 is vulnerable"
In reply to: Masachika ISHIZUKA : "Why xorg-server-21.1.22,1 is vulnerable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Martin Simmons <martin_at_lispworks.com>
Date: Mon, 01 Jun 2026 14:47:12 UTC

[ brnrd@ added ]

>>>>> On Sun, 31 May 2026 14:25:51 +0900 (JST), Masachika ISHIZUKA said:
> 
> Hi.
> 
> # pkg audit -F
> vulnxml file up-to-date
> [snip]
> xorg-server-21.1.22,1 is vulnerable:
>   xorg-server -- Multiple vulnerabilities
>   CVE: CVE-2026-34003
>   CVE: CVE-2026-34002
>   CVE: CVE-2026-34001
>   CVE: CVE-2026-34000
>   CVE: CVE-2026-33999
>   WWW: https://vuxml.FreeBSD.org/freebsd/7b6463c6-3813-11f1-a284-589cfc10a551.html
> 
> Is this true ?

The VuxML for xorg-server looks wrong to me now.

It says xorg-server < 21.1.22,2 but xorg-server is at epoch 1, not 2.

__Martin