diff options
| author | zeising <zeising@FreeBSD.org> | 2018-05-20 21:14:18 +0800 |
|---|---|---|
| committer | zeising <zeising@FreeBSD.org> | 2018-05-20 21:14:18 +0800 |
| commit | 71151cae75a4c6631a85223b4fc0dd797ba3d1bd (patch) | |
| tree | d14af494c710ab2b434966ec97125455cdf9dbfe /security | |
| parent | ac567f6c62ea79e3f742d425b0b00c35347542d0 (diff) | |
| download | freebsd-ports-gnome-71151cae75a4c6631a85223b4fc0dd797ba3d1bd.tar.gz freebsd-ports-gnome-71151cae75a4c6631a85223b4fc0dd797ba3d1bd.tar.zst freebsd-ports-gnome-71151cae75a4c6631a85223b4fc0dd797ba3d1bd.zip | |
Update VuXML entry for xorg-server issues
Update VuXML entry for xorg-server issues related to CVE-2017-10971 and
CVE-2017-10972. The version check was wrong missing the portepoch which
meant that the entry never matched anything. It was also only added for
xorg-server 1.19, while we have 1.18 in base.
Fix formatting and edit the overly long lines.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6cfa612fec1b..dc322328db50 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -8529,15 +8529,22 @@ Using a handcrafted message, remote code execution seems to be possible.</p> <affects> <package> <name>xorg-server</name> - <range><le>1.19.3</le></range> + <range><le>1.18.4_6,1</le></range> + <range><ge>1.19.0,1</ge><le>1.19.3,1</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>xorg-server developers reports:</p> <blockquote cite="http://www.securityfocus.com/bid/99546"> - <p>In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.</p> - <p>Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.</p> + <p>In the X.Org X server before 2017-06-19, a user authenticated to + an X Session could crash or execute code in the context of the X + Server by exploiting a stack overflow in the endianness conversion + of X Events.</p> + <p>Uninitialized data in endianness conversion in the XEvent handling + of the X.Org X Server before 2017-06-19 allowed authenticated + malicious users to access potentially privileged data from the X + server.</p> </blockquote> </body> </description> @@ -8556,6 +8563,7 @@ Using a handcrafted message, remote code execution seems to be possible.</p> <dates> <discovery>2017-07-06</discovery> <entry>2017-10-17</entry> + <modified>2018-05-20</modified> </dates> </vuln> |