Date: Tue, 1 Dec 2020 19:37:28 +0000 (UTC) From: Niclas Zeising <zeising@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r556787 - head/security/vuxml Message-ID: <202012011937.0B1JbSBr004223@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zeising Date: Tue Dec 1 19:37:28 2020 New Revision: 556787 URL: https://svnweb.freebsd.org/changeset/ports/556787 Log: vuxml: document xorg-server vulnerabilities Document new vulnerabilities in xorg-server and sub ports: CVE-2020-14360 and CVE-2020-25712 These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Dec 1 19:26:46 2020 (r556786) +++ head/security/vuxml/vuln.xml Tue Dec 1 19:37:28 2020 (r556787) @@ -58,6 +58,58 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="76c8b690-340b-11eb-a2b7-54e1ad3d6335"> + <topic>xorg-server -- Multiple input validation failures in X server XKB extension</topic> + <affects> + <package> + <name>xorg-server</name> + <range><lt>1.20.9_1,1</lt></range> + </package> + <package> + <name>xephyr</name> + <range><lt>1.20.9_1,1</lt></range> + </package> + <package> + <name>xorg-vfbserver</name> + <range><lt>1.20.9_1,1</lt></range> + </package> + <package> + <name>xorg-nestserver</name> + <range><lt>1.20.9_1,1</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>1.20.9_2,1</lt></range> + </package> + <package> + <name>xorg-dmx</name> + <range><lt>1.20.9_1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The X.org project reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2020-December/003066.html">; + <p>These issues can lead to privileges elevations for authorized + clients on systems where the X server is running privileged.</p> + <p>Insufficient checks on the lengths of the XkbSetMap request can + lead to out of bounds memory accesses in the X server.</p> + <p>Insufficient checks on input of the XkbSetDeviceInfo request can + lead to a buffer overflow on the head in the X server.</p> + </blockquote> + </body> + </description> + <references> + <url>https://lists.x.org/archives/xorg-announce/2020-December/003066.html</url>; + <cvename>CVE-2020-14360</cvename> + <cvename>CVE-2020-25712</cvename> + </references> + <dates> + <discovery>2020-12-01</discovery> + <entry>2020-12-01</entry> + </dates> + </vuln> + <vuln vid="618010ff-3044-11eb-8112-000c292ee6b8"> <topic>nomad -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012011937.0B1JbSBr004223>