Security Flaw in xorg-client?

Eric Anholt eta at
Wed Jul 7 12:29:55 PDT 2004

On Mon, 2004-07-05 at 17:20, Michael Edenfield wrote:
> My nightly security scan has been complaining lately about this:
> Affected package: xorg-clients-6.7.0                                                                                 
> Type of problem: XFree86 opens a chooserFd TCP socket even when
> DisplayManager.requestPort is 0.                     
> 1) Am I correct that this issue is related to xdm, so if I'm running a
> replacement and/or not running a display manager this isn't an issue?
> 2) Is this bug really shared by XF86 and Xorg, and the description needs
> updating, or is it just picking up xdm and assuming it's a broken XF86
> version, or what?

I fixed this yesterday.

1) correct.

2) It was an issue in xorg, though the updated xf86 4.4 ports in gnats
were also suceptible.  Both are fixed now.

Eric Anholt                                eta at          anholt at

More information about the freebsd-ports mailing list