Date: Tue, 02 Jun 2026 14:34:51 +0900 (JST) From: Masachika ISHIZUKA <ish@ish.org> To: freebsd-security@freebsd.org Subject: Re: Why xorg-server-21.1.22,1 is vulnerable Message-ID: <20260602.143451.2150003014644123489.ish@ish.org> In-Reply-To: <202606011447.651ElC4B019060@higson.cam.lispworks.com> References: <20260531.142551.167441309236637198.ish@ish.org> <202606011447.651ElC4B019060@higson.cam.lispworks.com>
index | next in thread | previous in thread | raw e-mail
>> # pkg audit -F >> vulnxml file up-to-date >> [snip] >> xorg-server-21.1.22,1 is vulnerable: >> xorg-server -- Multiple vulnerabilities >> CVE: CVE-2026-34003 >> CVE: CVE-2026-34002 >> CVE: CVE-2026-34001 >> CVE: CVE-2026-34000 >> CVE: CVE-2026-33999 >> WWW: https://vuxml.FreeBSD.org/freebsd/7b6463c6-3813-11f1-a284-589cfc10a551.html >> >> Is this true ? > > The VuxML for xorg-server looks wrong to me now. > > It says xorg-server < 21.1.22,2 but xorg-server is at epoch 1, not 2. Thank you. Vuxml has been updated and now displays correctly. # pkg audit -F [snip] xorg-server-21.1.22,1 is vulnerable: xorg-server -- Multiple vulnerabilities CVE: ZDI-CAN-30168 CVE: ZDI-CAN-30165 CVE: ZDI-CAN-30164 CVE: ZDI-CAN-30163 CVE: ZDI-CAN-30161 CVE: ZDI-CAN-30160 CVE: ZDI-CAN-30159 CVE: ZDI-CAN-30136 WWW: https://vuxml.FreeBSD.org/freebsd/592ced15-5e20-11f1-86a2-589cfc10a551.html -- Masachika ISHIZUKAhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20260602.143451.2150003014644123489.ish>