svn commit: r496547 - head/security/vuxml
Niclas Zeising
zeising at FreeBSD.org
Fri Mar 22 04:08:56 UTC 2019
Author: zeising
Date: Fri Mar 22 04:08:55 2019
New Revision: 496547
URL: https://svnweb.freebsd.org/changeset/ports/496547
Log:
Update the libXdmcp entry to make it clearer.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Mar 22 02:11:03 2019 (r496546)
+++ head/security/vuxml/vuln.xml Fri Mar 22 04:08:55 2019 (r496547)
@@ -132,8 +132,9 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The freedesktop and x.org project reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625">
- <p>It was discovered that libXdmcp before 1.1.3 including used weak
- entropy to generate session keys. On a multi-user system using
+ <p>It was discovered that libXdmcp before 1.1.3 used weak
+ entropy to generate session keys on platforms without
+ arc4random_buf() but with getentropy(). On a multi-user system using
xdmcp, a local attacker could potentially use information available
from the process list to brute force the key, allowing them to
hijack other users' sessions.</p>
@@ -150,6 +151,7 @@ Notes:
<dates>
<discovery>2017-04-04</discovery>
<entry>2019-03-21</entry>
+ <modified>2019-03-22</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list