Date: Sat, 6 Mar 2004 16:17:23 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@des.no> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/x11/linux-XFree86-libs Makefile distinfo.i386 Message-ID: <20040306153749.R55348@blues.jpj.net> In-Reply-To: <xzpvflhu3nf.fsf@dwp.des.no> References: <200403041722.i24HMSLN083120@repoman.freebsd.org> <xzpvflhu3nf.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling [iso-8859-1] Smørgrav wrote: > Trevor Johnson <trevor@FreeBSD.org> writes: > > Log: > > Update to version 4.3.0-2.90.55 due to several security bugs > > (discovered by iDefense and David Dawes) in the parsing of font > > files and the font.alias file which can give root privileges to > > local users. [...] > > This is pointless as the bug in question only affects the server. I hadn't noticed that--when I glanced at <URL:ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff>, which addresses these bugs, it looked like the problem was in the X libraries, not the server. Anyway, keeping the old PORTVERSION would have been unwieldy: I would have had to use MASTER_SITE_LOCAL. -- Trevor Johnson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040306153749.R55348>