From owner-freebsd-x11@freebsd.org  Fri Oct 26 03:47:15 2018
Return-Path: <owner-freebsd-x11@freebsd.org>
Delivered-To: freebsd-x11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D196610D4605
 for <freebsd-x11@mailman.ysv.freebsd.org>;
 Fri, 26 Oct 2018 03:47:15 +0000 (UTC)
 (envelope-from pete@nomadlogic.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 7306B80D54
 for <freebsd-x11@freebsd.org>; Fri, 26 Oct 2018 03:47:15 +0000 (UTC)
 (envelope-from pete@nomadlogic.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 3832A10D4604; Fri, 26 Oct 2018 03:47:15 +0000 (UTC)
Delivered-To: x11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 270FB10D4603
 for <x11@mailman.ysv.freebsd.org>; Fri, 26 Oct 2018 03:47:15 +0000 (UTC)
 (envelope-from pete@nomadlogic.org)
Received: from mail.nomadlogic.org (mail.nomadlogic.org [140.82.23.70])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.nomadlogic.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9420E80D53
 for <x11@freebsd.org>; Fri, 26 Oct 2018 03:47:14 +0000 (UTC)
 (envelope-from pete@nomadlogic.org)
Received: from [192.168.1.190] (cpe-23-243-162-239.socal.res.rr.com
 [23.243.162.239])
 by mail.nomadlogic.org (OpenSMTPD) with ESMTPSA id 05bc8785
 TLS version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO;
 Thu, 25 Oct 2018 20:47:06 -0700 (PDT)
Subject: Re: Check your xorg version number.
To: Gladiola <gladiola@protonmail.com>, x11 <x11@freebsd.org>
References: <tkKSQm498efG8O5w78ERg822u4apuOmH2uHejnLalnre_pUgfCF3UTZJk0FSyz4TBbqH-6JLFz2iFnbdHmYD1V8_wYhRKVKilJ7J4owVhC0=@protonmail.com>
From: Pete Wright <pete@nomadlogic.org>
Message-ID: <d8853953-2c4e-bc3c-6f70-a126906acaef@nomadlogic.org>
Date: Thu, 25 Oct 2018 20:47:06 -0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101
 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <tkKSQm498efG8O5w78ERg822u4apuOmH2uHejnLalnre_pUgfCF3UTZJk0FSyz4TBbqH-6JLFz2iFnbdHmYD1V8_wYhRKVKilJ7J4owVhC0=@protonmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-BeenThere: freebsd-x11@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: X11 on FreeBSD -- maintaining and support <freebsd-x11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-x11/>
List-Post: <mailto:freebsd-x11@freebsd.org>
List-Help: <mailto:freebsd-x11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2018 03:47:16 -0000


On 10/25/18 7:19 PM, Gladiola via freebsd-x11 wrote:
> Maintainers:
>
> https://twitter.com/hackerfantastic/status/1055555359060807680?s=19
>
> https://nvd.nist.gov/vuln/detail/CVE-2018-14685

that CVE entry seems to correspond to a PHP issue unless i'm missing 
something.

perhaps this is what you are referring to:
https://lists.x.org/archives/xorg-announce/2018-October/002927.html

yea this is really not a good thing, although i believe we are 
accidentally OK since we are not running xorg-1.19.x yet in the ports tree:

"Privilege escalation and file overwrite in X.Org X server 1.19 and later"

regardless of that line I believe others on this list are looking 
closely into this regardless.

-pete


-- 
Pete Wright
pete@nomadlogic.org
@nomadlogicLA