svn commit: r306051 - head/security/vuxml
Jason Helfman
jgh at FreeBSD.org
Thu Oct 18 04:13:29 UTC 2012
Author: jgh
Date: Thu Oct 18 04:13:27 2012
New Revision: 306051
URL: http://svn.freebsd.org/changeset/ports/306051
Log:
- clarify end-user impact for 57652765-18aa-11e2-8382-00a0d181e71d
Suggested by: simon@
Feature safe: yes
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Oct 18 02:10:10 2012 (r306050)
+++ head/security/vuxml/vuln.xml Thu Oct 18 04:13:27 2012 (r306051)
@@ -64,17 +64,10 @@ Note: Please add new entries to the beg
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Ignatios Souvatzis of NetBSD reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10">
- <p>localtime accesses a (in the discovered case) 64bit value, which
- is likely not to be valid, and returns a null pointer as an error
- indication. The code in dclock.c does not check for this but,
- depending on additional command-line options, either dereferences
- the pointer or passes it to strftime() unconditionally, which in
- turn triggers a segmentation fault, terminating the program and
- leaving the terminal unlocked.</p>
- <p>While this is unexpected, the dangerous case is where
- "xlockmore -mode random" calls the mode "dclock" after a while,
- when the user has left the terminal, not noticing that it will
- (eventually) be unlocked.</p>
+ <p>Due to an error in the dclock screensaver in xlockmore, users who
+ explicitly use this screensaver or a random mix of screensavers using
+ something like "xlockmore -mode random" may have their screen unlocked
+ unexpectedly at a random time.</p>
</blockquote>
</body>
</description>
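Review bot: The replacement paragraph at the `+` lines still sits inside `<blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10">` under "Ignatios Souvatzis of NetBSD reports:", so the new wording is presented as a quotation of that post even though it replaces the previously quoted text. If it is a summary rather than the reporter's words, move it into a plain `<p>` outside the blockquote or change the lead-in. The removed lines also held the only description of the cause (localtime returning a null pointer that dclock.c does not check before dereferencing it or passing it to strftime()). Keeping one sentence of that alongside the end-user impact would let readers match the entry against a fix.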