Security Flaw in xorg-client?
eta at lclark.edu
Wed Jul 7 12:29:55 PDT 2004
On Mon, 2004-07-05 at 17:20, Michael Edenfield wrote:
> My nightly security scan has been complaining lately about this:
> Affected package: xorg-clients-6.7.0
> Type of problem: XFree86 opens a chooserFd TCP socket even when
> DisplayManager.requestPort is 0.
> 1) Am I correct that this issue is related to xdm, so if I'm running a
> replacement and/or not running a display manager this isn't an issue?
> 2) Is this bug really shared by XF86 and Xorg, and the description needs
> updating, or is it just picking up xdm and assuming it's a broken XF86
> version, or what?
I fixed this yesterday.
2) It was an issue in xorg, though the updated xf86 4.4 ports in gnats
were also suceptible. Both are fixed now.
Eric Anholt eta at lclark.edu
http://people.freebsd.org/~anholt/ anholt at FreeBSD.org
More information about the freebsd-ports