Date: Sat, 16 Mar 2019 17:56:24 +0000 From: bugzilla-noreply@freebsd.org To: x11@FreeBSD.org Subject: maintainer-feedback requested: [Bug 236578] x11/libXdmcp: Update to 1.1.3 Message-ID: <bug-236578-7141-vFg5fCkP6T@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-236578-7141@https.bugs.freebsd.org/bugzilla/> References: <bug-236578-7141@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 mailing li= st <x11@FreeBSD.org> for maintainer-feedback: Bug 236578: x11/libXdmcp: Update to 1.1.3 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236578 --- Description --- Upstream release to address CVE-2017-2625: https://lists.freedesktop.org/archives/xorg/2019-March/059690.html libXdmcp is the X Display Manager Control Protocol library, used by both X servers and display managers to handle both ends of the XDMCP connection. This release provides a fix for CVE-2017-2625 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc versi= on of 2.25 or newer. (libXdmcp 1.1.2 already ensured that arc4random_buf() is used on platforms that have it to provide sufficient entropy in XDMCP key generation, but left other platforms with the weaker methods. Linux platforms could also have linked against libbsd to use arc4random_buf() with libXdmcp 1.1.2 for stronger keys.)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236578-7141-vFg5fCkP6T>