Bug 107733 - update for x11-servers/xorg-server: multiple vulnerabilities
Summary: update for x11-servers/xorg-server: multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-x11 (Nobody)
Reported: 2007-01-10 10:00 UTC by Eygene Ryabinkin
Modified: 2007-01-27 20:30 UTC

Attachments
CVE-2006-3739-3740-6102-6103-6104.diff (9.20 KB, patch)
2007-01-10 10:00 UTC, Eygene Ryabinkin
Description Eygene Ryabinkin 2007-01-10 10:00:30 UTC
Two patches were issued by X.org that fix
- CVE-2006-6101 CVE-2006-6102 CVE-2006-6103,
- CVE-2006-3739 and CVE-2006-3740.
The current xorg-server-6.9.0_5 is missing them.

Fix: The patch that incorporates the original vendor patches and bumps the
portrevision is attached. The original patch x11r6.9.0-dbe-render.diff was
modified: the patch file locations were made proper by adding
'programs/Xserver/' to them. The code was untouched.
How-To-Repeat: Go to http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html
and read entries about aforementioned vulnerabilities.
Comment 1 Edwin Groothuis freebsd_committer 2007-01-10 10:00:40 UTC
Responsible Changed
From-To: freebsd-ports-bugs->freebsd-x11

Over to maintainer
Comment 2 dfilter service freebsd_committer 2007-01-27 20:22:27 UTC
lesi        2007-01-27 20:22:20 UTC

  FreeBSD ports repository

  Modified files:
    x11-servers/xorg-server Makefile distinfo 
  Log:
  Add vendor patch preventing overwriting of data on the stack or other
  parts of server by dbe and render extensions.
  
  PR:             ports/107733
  Security:       CVE-2006-6101 CVE-2006-6102 CVE-2006-6103
  
  Revision  Changes    Path
  1.41      +6 -1      ports/x11-servers/xorg-server/Makefile
  1.6       +3 -0      ports/x11-servers/xorg-server/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer 2007-01-27 20:25:27 UTC
lesi        2007-01-27 20:24:58 UTC

  FreeBSD ports repository

  Modified files:
    x11/xorg-libraries   Makefile distinfo 
  Log:
  Add vendor patch preventing arbitrary code execution or denial of
  service by adding malicious font to X server font path.
  
  PR:             ports/107733
  Security:       CVE-2006-3739, CVE-2006-3740
  
  Revision  Changes    Path
  1.16      +5 -0      ports/x11/xorg-libraries/Makefile
  1.6       +3 -0      ports/x11/xorg-libraries/distinfo
Comment 4 lesi freebsd_committer 2007-01-27 20:25:42 UTC
State Changed
From-To: open->closed

Rather than putting patches in files, vendor patches are used directly. 
Note that CVE-2006-3739 and CVE-2006-3740 apply to libraries rather than server. 
Thanks!