Security Flaw in xorg-client?
Eric Anholt
eta at lclark.edu
Wed Jul 7 12:29:55 PDT 2004
On Mon, 2004-07-05 at 17:20, Michael Edenfield wrote:
> My nightly security scan has been complaining lately about this:
>
> Affected package: xorg-clients-6.7.0
> Type of problem: XFree86 opens a chooserFd TCP socket even when
> DisplayManager.requestPort is 0.
>
> 1) Am I correct that this issue is related to xdm, so if I'm running a
> replacement and/or not running a display manager this isn't an issue?
>
> 2) Is this bug really shared by XF86 and Xorg, and the description needs
> updating, or is it just picking up xdm and assuming it's a broken XF86
> version, or what?
I fixed this yesterday.
1) correct.
2) It was an issue in xorg, though the updated xf86 4.4 ports in gnats
were also suceptible. Both are fixed now.
--
Eric Anholt eta at lclark.edu
http://people.freebsd.org/~anholt/ anholt at FreeBSD.org
More information about the freebsd-ports
mailing list