[Bug 205578] x11/linux-c6-xorg-libs
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Dec 24 12:55:25 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205578
Bug ID: 205578
Summary: x11/linux-c6-xorg-libs
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: emulation at FreeBSD.org
Reporter: terry-freebsd at glaver.org
Assignee: emulation at FreeBSD.org
Flags: maintainer-feedback?(emulation at FreeBSD.org)
"pkg audit" has been reporting:
linux-c6-xorg-libs-7.4_3 is vulnerable:
libXfont -- BDF parsing issues
CVE: CVE-2015-1804
CVE: CVE-2015-1803
CVE: CVE-2015-1802
WWW:
https://vuxml.FreeBSD.org/freebsd/f7d79fac-cd49-11e4-898f-bcaec565249c.html
for quite some time now. It appears that the underlying vulnerability has been
fixed by Red Hat since September:
https://rhn.redhat.com/errata/RHSA-2015-1708.html#Red%20Hat%20Enterprise%20Linux%20Desktop%20%28v.%206%29
and made it into the CentOS patch repository on the same day:
http://mirror.centos.org/centos/6/updates/i386/Packages/libXfont-1.4.5-5.el6_7.i686.rpm
Is it possible to get this fix merged into our linux-c6-xorg-libs port?
Also, the vuln.xml entry needs to be updated after this, as it wildcards all
versions of linux-c6-xorg-libs as vulnerable with <range><ge>*</ge></range>.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-emulation
mailing list