Date: Mon, 27 Dec 2004 12:32:06 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Rene Ladan <r.c.ladan@student.tue.nl> Cc: freebsd-ports@freebsd.org Subject: Re: open-motif-2.2.3 and X.Org 6.8.1 security Message-ID: <20041227203205.GA76108@xor.obsecurity.org> In-Reply-To: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl> References: <20041227202231.GA15731@82-168-140-74-bbxl.xdsl.tiscali.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
--wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 27, 2004 at 09:22:31PM +0100, Rene Ladan wrote: > Hi, >=20 > I still get this one in my daily security check: >=20 > ----- Forwarded message from Charlie Root <root@host> >=20 > Date: Mon, 27 Dec 2004 03:05:12 +0100 (CET) >=20 > [..snip..] >=20 > Checking for a current audit database: >=20 > Downloading fresh database. > auditfile.tbz 16 kB 29 kBps > New database installed. > Database created: Mon Dec 27 02:40:22 CET 2004 >=20 > Checking for packages with security vulnerabilities: >=20 > Affected package: open-motif-2.2.3 > Type of problem: xpm -- image decoding vulnerabilities. > Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45= d-000c41e2cdad.html> >=20 > [..snip..] >=20 > ----- End forwarded message ----- >=20 > With X.Org 6.8.1 installed, is this still a vulnerability? Presumably since it's code included within open-motif. You should talk to the port maintainer and software authors about fixing it. Kris --wac7ysb48OaltWcw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB0HFFWry0BWjoQKURAr13AJ44E6MFLabtGbeX3FvrLqElUaNjcgCeL+iG l8qbn05jPDNsdxwfAKhLgIY= =IJrU -----END PGP SIGNATURE----- --wac7ysb48OaltWcw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041227203205.GA76108>