[Bug 236578] x11/libXdmcp: Update to 1.1.3
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Mar 16 17:56:27 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236578
Bug ID: 236578
Summary: x11/libXdmcp: Update to 1.1.3
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: x11 at FreeBSD.org
Reporter: pete at nomadlogic.org
Assignee: x11 at FreeBSD.org
Flags: maintainer-feedback?(x11 at FreeBSD.org)
Upstream release to address CVE-2017-2625:
https://lists.freedesktop.org/archives/xorg/2019-March/059690.html
libXdmcp is the X Display Manager Control Protocol library, used by both
X servers and display managers to handle both ends of the XDMCP connection.
This release provides a fix for CVE-2017-2625 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer. (libXdmcp 1.1.2 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in XDMCP
key generation, but left other platforms with the weaker methods. Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libXdmcp 1.1.2 for stronger keys.)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-x11
mailing list