Date: Thu, 24 Dec 2015 12:55:24 +0000 From: bugzilla-noreply@freebsd.org To: emulation@FreeBSD.org Subject: [Bug 205578] x11/linux-c6-xorg-libs Message-ID: <bug-205578-4077@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205578 Bug ID: 205578 Summary: x11/linux-c6-xorg-libs Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: emulation@FreeBSD.org Reporter: terry-freebsd@glaver.org Assignee: emulation@FreeBSD.org Flags: maintainer-feedback?(emulation@FreeBSD.org) "pkg audit" has been reporting: linux-c6-xorg-libs-7.4_3 is vulnerable: libXfont -- BDF parsing issues CVE: CVE-2015-1804 CVE: CVE-2015-1803 CVE: CVE-2015-1802 WWW: https://vuxml.FreeBSD.org/freebsd/f7d79fac-cd49-11e4-898f-bcaec565249c.html for quite some time now. It appears that the underlying vulnerability has been fixed by Red Hat since September: https://rhn.redhat.com/errata/RHSA-2015-1708.html#Red%20Hat%20Enterprise%20Linux%20Desktop%20%28v.%206%29 and made it into the CentOS patch repository on the same day: http://mirror.centos.org/centos/6/updates/i386/Packages/libXfont-1.4.5-5.el6_7.i686.rpm Is it possible to get this fix merged into our linux-c6-xorg-libs port? Also, the vuln.xml entry needs to be updated after this, as it wildcards all versions of linux-c6-xorg-libs as vulnerable with <range><ge>*</ge></range>. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-205578-4077>