Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 1 Jun 2026 15:47:12 +0100
From:      Martin Simmons <martin@lispworks.com>
To:        Masachika ISHIZUKA <ish@ish.org>
Cc:        freebsd-security@freebsd.org, brnrd@freebsd.org
Subject:   Re: Why xorg-server-21.1.22,1 is vulnerable
Message-ID:  <202606011447.651ElC4B019060@higson.cam.lispworks.com>
In-Reply-To: <20260531.142551.167441309236637198.ish@ish.org> (message from Masachika ISHIZUKA on Sun, 31 May 2026 14:25:51 %2B0900 (JST))
References:   <20260531.142551.167441309236637198.ish@ish.org>
index | next in thread | previous in thread | raw e-mail 

[ brnrd@ added ]

>>>>> On Sun, 31 May 2026 14:25:51 +0900 (JST), Masachika ISHIZUKA said:
> 
> Hi.
> 
> # pkg audit -F
> vulnxml file up-to-date
> [snip]
> xorg-server-21.1.22,1 is vulnerable:
>   xorg-server -- Multiple vulnerabilities
>   CVE: CVE-2026-34003
>   CVE: CVE-2026-34002
>   CVE: CVE-2026-34001
>   CVE: CVE-2026-34000
>   CVE: CVE-2026-33999
>   WWW: https://vuxml.FreeBSD.org/freebsd/7b6463c6-3813-11f1-a284-589cfc10a551.html
> 
> Is this true ?

The VuxML for xorg-server looks wrong to me now.

It says xorg-server < 21.1.22,2 but xorg-server is at epoch 1, not 2.

__Martin
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202606011447.651ElC4B019060>