Date: Wed, 07 Jul 2004 12:29:53 -0700 From: Eric Anholt <eta@lclark.edu> To: Michael Edenfield <kutulu@kutulu.org> Cc: ports@freebsd.org Subject: Re: Security Flaw in xorg-client? Message-ID: <1089228592.879.9.camel@leguin> In-Reply-To: <20040706002005.GA67491@wombat.jungle> References: <20040706002005.GA67491@wombat.jungle>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2004-07-05 at 17:20, Michael Edenfield wrote: > My nightly security scan has been complaining lately about this: > > Affected package: xorg-clients-6.7.0 > Type of problem: XFree86 opens a chooserFd TCP socket even when > DisplayManager.requestPort is 0. > > 1) Am I correct that this issue is related to xdm, so if I'm running a > replacement and/or not running a display manager this isn't an issue? > > 2) Is this bug really shared by XF86 and Xorg, and the description needs > updating, or is it just picking up xdm and assuming it's a broken XF86 > version, or what? I fixed this yesterday. 1) correct. 2) It was an issue in xorg, though the updated xf86 4.4 ports in gnats were also suceptible. Both are fixed now. -- Eric Anholt eta@lclark.edu http://people.freebsd.org/~anholt/ anholt@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1089228592.879.9.camel>