From ee81885cf13763e52e9f9357dcc291e62b61682c Mon Sep 17 00:00:00 2001 From: zeising Date: Fri, 22 Mar 2019 04:08:55 +0000 Subject: Update the libXdmcp entry to make it clearer. --- security/vuxml/vuln.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6d4957094a92..7f30d5b1ef3c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -132,8 +132,9 @@ Notes:

The freedesktop and x.org project reports:

-

It was discovered that libXdmcp before 1.1.3 including used weak - entropy to generate session keys. On a multi-user system using +

It was discovered that libXdmcp before 1.1.3 used weak + entropy to generate session keys on platforms without + arc4random_buf() but with getentropy(). On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

@@ -150,6 +151,7 @@ Notes: 2017-04-04 2019-03-21 + 2019-03-22 -- cgit
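Review bot: In the first hunk (@@ -132,8 +132,9 @@), the added qualifier "on platforms without arc4random_buf() but with getentropy()" sits inside the paragraph introduced by "The freedesktop and x.org project reports:", so it reads as upstream's own wording. If the qualifier is a clarification made for this entry and not text from the upstream report, place it outside the quoted report or cite where it comes from. The result also puts two "on ..." conditions back to back ("on platforms without ... On a multi-user system using xdmcp"); stating that both conditions must hold for the session key to be guessable would make the exposure condition unambiguous.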
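Review bot: In the second hunk (@@ -150,6 +151,7 @@), the added 2019-03-22 date marks a revision one day after the 2019-03-21 date, but the subject line says only "make it clearer" while the first hunk narrows which platforms the description covers. Say in the commit message that the described scope changed, so someone reading the history can tell a wording fix from a change in who is exposed.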