Re: Why xorg-server-21.1.22,1 is vulnerable

In reply to: Martin Simmons : "Re: Why xorg-server-21.1.22,1 is vulnerable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Masachika ISHIZUKA <ish_at_ish.org>
Date: Tue, 02 Jun 2026 05:34:51 UTC

>> # pkg audit -F
>> vulnxml file up-to-date
>> [snip]
>> xorg-server-21.1.22,1 is vulnerable:
>>   xorg-server -- Multiple vulnerabilities
>>   CVE: CVE-2026-34003
>>   CVE: CVE-2026-34002
>>   CVE: CVE-2026-34001
>>   CVE: CVE-2026-34000
>>   CVE: CVE-2026-33999
>>   WWW: https://vuxml.FreeBSD.org/freebsd/7b6463c6-3813-11f1-a284-589cfc10a551.html
>> 
>> Is this true ?
> 
> The VuxML for xorg-server looks wrong to me now.
> 
> It says xorg-server < 21.1.22,2 but xorg-server is at epoch 1, not 2.

  Thank you.
  Vuxml has been updated and now displays correctly.

# pkg audit -F
[snip]
xorg-server-21.1.22,1 is vulnerable:
  xorg-server -- Multiple vulnerabilities
  CVE: ZDI-CAN-30168
  CVE: ZDI-CAN-30165
  CVE: ZDI-CAN-30164
  CVE: ZDI-CAN-30163
  CVE: ZDI-CAN-30161
  CVE: ZDI-CAN-30160
  CVE: ZDI-CAN-30159
  CVE: ZDI-CAN-30136
  WWW: https://vuxml.FreeBSD.org/freebsd/592ced15-5e20-11f1-86a2-589cfc10a551.html
-- 
Masachika ISHIZUKA