Date:      Thu, 18 Oct 2012 04:13:28 +0000 (UTC)
From:      Jason Helfman <jgh@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r306051 - head/security/vuxml
Message-ID:  <201210180413.q9I4DS2s041297@svn.freebsd.org>

Author: jgh
Date: Thu Oct 18 04:13:27 2012
New Revision: 306051
URL: http://svn.freebsd.org/changeset/ports/306051

Log:
  - clarify end-user impact for 57652765-18aa-11e2-8382-00a0d181e71d
  Suggested by:	simon@
  Feature safe:	yes

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Oct 18 02:10:10 2012	(r306050)
+++ head/security/vuxml/vuln.xml	Thu Oct 18 04:13:27 2012	(r306051)
@@ -64,17 +64,10 @@ Note:  Please add new entries to the beg
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Ignatios Souvatzis of NetBSD reports:</p>
 	<blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10">;
-	  <p>localtime accesses a (in the discovered case) 64bit value, which
-	    is likely not to be valid, and returns a null pointer as an error
-	    indication. The code in dclock.c does not check for this but,
-	    depending on additional command-line options, either dereferences
-	    the pointer or passes it to strftime() unconditionally, which in
-	    turn triggers a segmentation fault, terminating the program and
-	    leaving the terminal unlocked.</p>
-	  <p>While this is unexpected, the dangerous case is where
-	    "xlockmore -mode random" calls the mode "dclock" after a while,
-	    when the user has left the terminal, not noticing that it will
-	    (eventually) be unlocked.</p>
+	  <p>Due to an error in the dclock screensaver in xlockmore, users who
+	    explicitly use this screensaver or a random mix of screensavers using
+	    something like "xlockmore -mode random" may have their screen unlocked
+	    unexpectedly at a random time.</p>
 	</blockquote>
       </body>
     </description>
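Review bot: The added paragraph beginning `<p>Due to an error in the dclock screensaver in xlockmore` still sits inside `<blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10">` and directly follows "Ignatios Souvatzis of NetBSD reports:", so the entry now presents a rewritten summary as if it were the reporter's quoted words. Suggest putting the end-user summary in its own `<p>` before the attribution line and keeping the original quotation, or dropping the "reports:" lead-in and the blockquote if only the summary is wanted. The removed lines also carried the root cause (localtime returning a null pointer that dclock.c does not check, ending in a segmentation fault that leaves the terminal unlocked), which helps a reader judge exposure and recognise a fixed version; consider keeping one sentence of it. This commit contains only this one hunk, so if the entry has a `<modified>` date it is not updated here.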


