Summary: | x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972) | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | VK <vlad-fbsd> |
Component: | Individual Port(s) | Assignee: | freebsd-x11 (Nobody) <x11> |
Status: | Closed FIXED | ||
Severity: | Affects Some People | CC: | ports-secteam, rezny, shawn.webb, swills, zeising |
Priority: | --- | Keywords: | security |
Version: | Latest | Flags: | rezny: maintainer-feedback+ |
Hardware: | Any | ||
OS: | Any | ||
URL: | https://bugzilla.suse.com/show_bug.cgi?id=1035283 |
Description
VK
2017-07-09 21:53:08 UTC
Thank you for pointing out those posts. I'll add these into the upcoming 1.19.3 update.

Hello, any update? Also would it be a problem for you to write up the VuXML entry? Or please let me know version ranges this affects so I can submit one.

I created the VuXML entry for these. VuXML entries for CVE-2017-13721 and CVE-2017-13723 still pending.

A commit references this bug:

Author: zeising
Date: Sun May 20 13:18:48 UTC 2018
New revision: 470454
URL: https://svnweb.freebsd.org/changeset/ports/470454

Log:
x11-servers/xorg-server: Backport security fixes

Backport security fixes for CVE-2017-10971 and CVE-2017-10972 (yes, 2017). For some reason this was not done when the vulnerabilities were documented in VuXML, and a typo in the version range in VuXML meant that the entries never matched.
This fixes a memory disclosure and a couple of buffer overruns.

PR: 220584
Reported by: Vladimir Krstulja
MFH: 2018Q2
Security: ab881a74-c016-4e6d-9f7d-68c8e7cedafb

Changes:
head/x11-servers/xorg-server/Makefile
head/x11-servers/xorg-server/files/patch-CVE-2017-10971
head/x11-servers/xorg-server/files/patch-CVE-2017-10972

This is believed fixed now. Thank you for the report!

A commit references this bug:

Author: zeising
Date: Wed May 23 16:45:37 UTC 2018
New revision: 470709
URL: https://svnweb.freebsd.org/changeset/ports/470709

Log:
MFH: r470454

x11-servers/xorg-server: Backport security fixes

Backport security fixes for CVE-2017-10971 and CVE-2017-10972 (yes, 2017). For some reason this was not done when the vulnerabilities were documented in VuXML, and a typo in the version range in VuXML meant that the entries never matched.
This fixes a memory disclosure and a couple of buffer overruns.

PR: 220584
Reported by: Vladimir Krstulja
Security: ab881a74-c016-4e6d-9f7d-68c8e7cedafb

Approved by: ports-secteam (riggs)

Changes:
_U branches/2018Q2/
branches/2018Q2/x11-servers/xorg-server/Makefile
branches/2018Q2/x11-servers/xorg-server/files/patch-CVE-2017-10971
branches/2018Q2/x11-servers/xorg-server/files/patch-CVE-2017-10972