CVE-2017-12176 through CVE-2017-12187 were fixed in head but have not been fixed in 2017Q4.
A commit references this bug:
Date: Sat Dec 9 16:59:16 UTC 2017
New revision: 455866
Fix security issues: CVE-2017-12176 through CVE-2017-12187 in xorg-server.
Bump all the slaves due to not being sure where the shared code is used.
Approved by: ports-secteam (eadler)
(In reply to commit-hook from comment #2)
> A commit references this bug:
> Author: zeising
> MFH: r452027
> Bump all the slaves due to not being sure where the shared code is used.
Why do we not know where the shared code is used? Shouldn't that have been
found, rather than forcing a rebuild on everything?
Because rebuilding all slave ports isn't really a problem, and it takes too much time and effort to dig into the xorg internals and figure out exactly how the varios X servers share code. I'd prefer to use my time for other more productive things, especially when this only adds a couple of minutes of build time.