From nobody Sun May 31 05:25:51 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gSltz1Yl8z6fyk1 for ; Sun, 31 May 2026 05:26:19 +0000 (UTC) (envelope-from ish@ish.org) Received: from peach.ish.org (peach.ish.org [163.44.100.113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.ish.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gSltv4Tpkz3J0t for ; Sun, 31 May 2026 05:26:15 +0000 (UTC) (envelope-from ish@ish.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ish.org header.s=54d26185-a057-8857-582c-09c040ed7013 header.b=aVXuTYmD; dmarc=pass (policy=reject) header.from=ish.org; spf=pass (mx1.freebsd.org: domain of ish@ish.org designates 163.44.100.113 as permitted sender) smtp.mailfrom=ish@ish.org Received: from mango.ish.org (mango.ish.org [IPv6:2400:4050:9d20:2c00:0:0:0:11]) (authenticated bits=0) by peach.ish.org (8.18.2/8.18.2) with ESMTPSA id 64V5Q3xj078087 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sun, 31 May 2026 14:26:05 +0900 (JST) (envelope-from ish@ish.org) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ish.org; s=54d26185-a057-8857-582c-09c040ed7013; t=1780205166; bh=LkC05FXvssKgwjr1/jNWVrd+2sSI9ega0RgJEgtigME=; h=Date:To:Subject:From; b=aVXuTYmDl0EXCVDxfOPynJ60/q1UA7D+U0rjdnYxhmkTgtkG9FWX+upo1BH3Zj1GN /eyffARA8KIxaUy7oIKWVlOBElXvPUe7Cah3XYRCczlzWx6i8gife2ZcKoWDeSwPFB YF4wVqp10NPje5wXstOPOv3viPXi6dCqwGHYgekk= Date: Sun, 31 May 2026 14:25:51 +0900 (JST) Message-Id: <20260531.142551.167441309236637198.ish@ish.org> To: freebsd-security@freebsd.org Subject: Why xorg-server-21.1.22,1 is vulnerable From: Masachika ISHIZUKA X-Mailer: Mew version 6.11 on Emacs 30.2 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (peach.ish.org [IPv6:2400:8500:2002:3188:163:44:100:113]); Sun, 31 May 2026 14:26:06 +0900 (JST) X-Spamd-Result: default: False [-2.30 / 15.00]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[ish.org,reject]; R_DKIM_ALLOW(-0.20)[ish.org:s=54d26185-a057-8857-582c-09c040ed7013]; ONCE_RECEIVED(0.20)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:58791, ipnet:163.44.100.0/24, country:JP]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_TRACE(0.00)[ish.org:+] X-Spamd-Bar: -- X-Rspamd-Queue-Id: 4gSltv4Tpkz3J0t Hi. # pkg audit -F vulnxml file up-to-date [snip] xorg-server-21.1.22,1 is vulnerable: xorg-server -- Multiple vulnerabilities CVE: CVE-2026-34003 CVE: CVE-2026-34002 CVE: CVE-2026-34001 CVE: CVE-2026-34000 CVE: CVE-2026-33999 WWW: https://vuxml.FreeBSD.org/freebsd/7b6463c6-3813-11f1-a284-589cfc10a551.html Is this true ? -- Masachika ISHIZUKA