Date: Wed, 04 Oct 2023 14:52:26 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 274266] x11/libX11: update vulnerable port to 1.8.7 Message-ID: <bug-274266-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274266 Bug ID: 274266 Summary: x11/libX11: update vulnerable port to 1.8.7 Product: Ports & Packages Version: Latest Hardware: Any URL: https://lists.x.org/archives/xorg/2023-October/061508. html OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: x11@FreeBSD.org Reporter: ps.ports@smyrak.com Assignee: x11@FreeBSD.org Flags: maintainer-feedback?(x11@FreeBSD.org) CC: Created attachment 245436 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D245436&action= =3Dedit patch for x11/libX11 X11 has published a security bulletin [1] that exposes the following CVEs in our x11/libX11 version 1.8.6: CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() CVE-2023-43787: Integer overflow in XCreateImage() leading to a heap overfl= ow See changelog for a full list of changes in the release [2]. The attached patch bumps the Makefile, distinfo and updates the pkg-plist according to man pages reorganization. See also related report #274265 regarding x11/libXpm. 1. https://lists.x.org/archives/xorg/2023-October/061506.html 2. https://gitlab.freedesktop.org/xorg/lib/libx11/-/compare/libX11-1.8.6...lib= X11-1.8.7 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274266-7788>