From owner-cvs-all@FreeBSD.ORG  Thu Feb 19 08:46:32 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id D0D2316A4CE; Thu, 19 Feb 2004 08:46:32 -0800 (PST)
Received: from smtp.des.no (flood.des.no [217.116.83.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9E8A043D1D; Thu, 19 Feb 2004 08:46:32 -0800 (PST)
	(envelope-from des@des.no)
Received: by smtp.des.no (Pony Express, from userid 666)
	id 857A75309; Thu, 19 Feb 2004 17:46:31 +0100 (CET)
Received: from dwp.des.no (des.no [80.203.228.37])
	by smtp.des.no (Pony Express) with ESMTP
	id 5492B5308; Thu, 19 Feb 2004 17:46:24 +0100 (CET)
Received: by dwp.des.no (Postfix, from userid 2602)
	id D8B2933C6F; Thu, 19 Feb 2004 17:46:23 +0100 (CET)
To: Oliver Eikemeier <eik@FreeBSD.org>
References: <200402190211.i1J2B17h086522@repoman.freebsd.org>
From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=)
Date: Thu, 19 Feb 2004 17:46:23 +0100
In-Reply-To: <200402190211.i1J2B17h086522@repoman.freebsd.org> (Oliver
 Eikemeier's message of "Wed, 18 Feb 2004 18:11:01 -0800 (PST)")
Message-ID: <xzpllmzuie8.fsf@dwp.des.no>
User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.63
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2004 16:46:33 -0000

Oliver Eikemeier <eik@FreeBSD.org> writes:
>   Log:
>   XFree86-Server-4.3.0_14 is the fixed version

Thanks.

I should point out though I have personally verified that the exploit
in the advisory does not work against 4.3.0_13 nor 4.3.99.15_1.  The
only practical difference I noticed between the first and second
version of the patch was better error reporting.  Still, there might
be other ways to exploit the bugs that were fixed in the final patch.

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no