Date: Sat, 16 Mar 2019 17:56:24 +0000 From: bugzilla-noreply@freebsd.org To: x11@FreeBSD.org Subject: [Bug 236578] x11/libXdmcp: Update to 1.1.3 Message-ID: <bug-236578-7141@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236578 Bug ID: 236578 Summary: x11/libXdmcp: Update to 1.1.3 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: x11@FreeBSD.org Reporter: pete@nomadlogic.org Assignee: x11@FreeBSD.org Flags: maintainer-feedback?(x11@FreeBSD.org) Upstream release to address CVE-2017-2625: https://lists.freedesktop.org/archives/xorg/2019-March/059690.html libXdmcp is the X Display Manager Control Protocol library, used by both X servers and display managers to handle both ends of the XDMCP connection. This release provides a fix for CVE-2017-2625 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc versi= on of 2.25 or newer. (libXdmcp 1.1.2 already ensured that arc4random_buf() is used on platforms that have it to provide sufficient entropy in XDMCP key generation, but left other platforms with the weaker methods. Linux platforms could also have linked against libbsd to use arc4random_buf() with libXdmcp 1.1.2 for stronger keys.) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236578-7141>