From owner-freebsd-ports@FreeBSD.ORG Mon Dec 27 20:33:30 2004 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 435FD16A4CE for ; Mon, 27 Dec 2004 20:33:30 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 094FC43D1D for ; Mon, 27 Dec 2004 20:33:30 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 2D826514EE; Mon, 27 Dec 2004 12:32:06 -0800 (PST) Date: Mon, 27 Dec 2004 12:32:06 -0800 From: Kris Kennaway To: Rene Ladan Message-ID: <20041227203205.GA76108@xor.obsecurity.org> References: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw" Content-Disposition: inline In-Reply-To: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl> User-Agent: Mutt/1.4.2.1i cc: freebsd-ports@freebsd.org Subject: Re: open-motif-2.2.3 and X.Org 6.8.1 security X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Dec 2004 20:33:30 -0000 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 27, 2004 at 09:22:31PM +0100, Rene Ladan wrote: > Hi, >=20 > I still get this one in my daily security check: >=20 > ----- Forwarded message from Charlie Root >=20 > Date: Mon, 27 Dec 2004 03:05:12 +0100 (CET) >=20 > [..snip..] >=20 > Checking for a current audit database: >=20 > Downloading fresh database. > auditfile.tbz 16 kB 29 kBps > New database installed. > Database created: Mon Dec 27 02:40:22 CET 2004 >=20 > Checking for packages with security vulnerabilities: >=20 > Affected package: open-motif-2.2.3 > Type of problem: xpm -- image decoding vulnerabilities. > Reference: >=20 > [..snip..] >=20 > ----- End forwarded message ----- >=20 > With X.Org 6.8.1 installed, is this still a vulnerability? Presumably since it's code included within open-motif. You should talk to the port maintainer and software authors about fixing it. Kris --wac7ysb48OaltWcw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB0HFFWry0BWjoQKURAr13AJ44E6MFLabtGbeX3FvrLqElUaNjcgCeL+iG l8qbn05jPDNsdxwfAKhLgIY= =IJrU -----END PGP SIGNATURE----- --wac7ysb48OaltWcw--