Date:      Fri, 22 Mar 2019 04:08:55 +0000 (UTC)
From:      Niclas Zeising <zeising@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r496547 - head/security/vuxml
Message-ID:  <201903220408.x2M48t0J029103@repo.freebsd.org>

Author: zeising
Date: Fri Mar 22 04:08:55 2019
New Revision: 496547
URL: https://svnweb.freebsd.org/changeset/ports/496547

Log:
  Update the libXdmcp entry to make it clearer.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Mar 22 02:11:03 2019	(r496546)
+++ head/security/vuxml/vuln.xml	Fri Mar 22 04:08:55 2019	(r496547)
@@ -132,8 +132,9 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The freedesktop and x.org project reports:</p>
 	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625">;
-	  <p>It was discovered that libXdmcp before 1.1.3 including used weak
-	    entropy to generate session keys. On a multi-user system using
+	  <p>It was discovered that libXdmcp before 1.1.3 used weak
+	    entropy to generate session keys on platforms without
+	    arc4random_buf() but with getentropy(). On a multi-user system using
 	    xdmcp, a local attacker could potentially use information available
 	    from the process list to brute force the key, allowing them to
 	    hijack other users' sessions.</p>
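Review bot: The added qualifier "on platforms without arc4random_buf() but with getentropy()" sits inside the blockquote that cites https://nvd.nist.gov/vuln/detail/CVE-2017-2625 and is introduced as what the freedesktop and x.org project reports, so it now reads as part of the quoted source. If that wording is not in the cited text, put the platform condition in its own <p> outside the blockquote so the quotation stays verbatim. The "but with getentropy()" half of the condition is worth double-checking against the upstream advisory before it lands, and the entry would be clearer still if it said whether the FreeBSD port is built in the affected configuration, since that is what a reader of this entry needs to decide.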
@@ -150,6 +151,7 @@ Notes:
     <dates>
       <discovery>2017-04-04</discovery>
       <entry>2019-03-21</entry>
+      <modified>2019-03-22</modified>
     </dates>
   </vuln>
 


