From owner-freebsd-ports@FreeBSD.ORG  Mon Dec 27 20:33:30 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 435FD16A4CE
	for <freebsd-ports@freebsd.org>; Mon, 27 Dec 2004 20:33:30 +0000 (GMT)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 094FC43D1D
	for <freebsd-ports@freebsd.org>;
	Mon, 27 Dec 2004 20:33:30 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 2D826514EE; Mon, 27 Dec 2004 12:32:06 -0800 (PST)
Date: Mon, 27 Dec 2004 12:32:06 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Rene Ladan <r.c.ladan@student.tue.nl>
Message-ID: <20041227203205.GA76108@xor.obsecurity.org>
References: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
In-Reply-To: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-ports@freebsd.org
Subject: Re: open-motif-2.2.3 and X.Org 6.8.1 security
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Dec 2004 20:33:30 -0000


--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 27, 2004 at 09:22:31PM +0100, Rene Ladan wrote:
> Hi,
>=20
> I still get this one in my daily security check:
>=20
> ----- Forwarded message from Charlie Root <root@host>
>=20
> Date: Mon, 27 Dec 2004 03:05:12 +0100 (CET)
>=20
> [..snip..]
>=20
> Checking for a current audit database:
>=20
> Downloading fresh database.
> auditfile.tbz                                           16 kB   29 kBps
> New database installed.
> Database created: Mon Dec 27 02:40:22 CET 2004
>=20
> Checking for packages with security vulnerabilities:
>=20
> Affected package: open-motif-2.2.3
> Type of problem: xpm -- image decoding vulnerabilities.
> Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45=
d-000c41e2cdad.html>
>=20
> [..snip..]
>=20
> ----- End forwarded message -----
>=20
> With X.Org 6.8.1 installed, is this still a vulnerability?

Presumably since it's code included within open-motif.  You should
talk to the port maintainer and software authors about fixing it.

Kris

--wac7ysb48OaltWcw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFB0HFFWry0BWjoQKURAr13AJ44E6MFLabtGbeX3FvrLqElUaNjcgCeL+iG
l8qbn05jPDNsdxwfAKhLgIY=
=IJrU
-----END PGP SIGNATURE-----

--wac7ysb48OaltWcw--