Date: Thu, 24 Dec 2015 12:55:24 +0000 From: bugzilla-noreply@freebsd.org To: emulation@FreeBSD.org Subject: maintainer-feedback requested: [Bug 205578] x11/linux-c6-xorg-libs Message-ID: <bug-205578-4077-FwvTw0UkjN@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-205578-4077@https.bugs.freebsd.org/bugzilla/> References: <bug-205578-4077@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Terry Kennedy <terry-freebsd@glaver.org> has reassigned Bugzilla Automation <bugzilla@FreeBSD.org>'s request for maintainer-feedback to emulation@FreeBSD.org: Bug 205578: x11/linux-c6-xorg-libs https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205578 --- Description --- "pkg audit" has been reporting: linux-c6-xorg-libs-7.4_3 is vulnerable: libXfont -- BDF parsing issues CVE: CVE-2015-1804 CVE: CVE-2015-1803 CVE: CVE-2015-1802 WWW: https://vuxml.FreeBSD.org/freebsd/f7d79fac-cd49-11e4-898f-bcaec565249c.html for quite some time now. It appears that the underlying vulnerability has been fixed by Red Hat since September: https://rhn.redhat.com/errata/RHSA-2015-1708.html#Red%20Hat%20Enterprise%20Linu x%20Desktop%20%28v.%206%29 and made it into the CentOS patch repository on the same day: http://mirror.centos.org/centos/6/updates/i386/Packages/libXfont-1.4.5-5.el6_7. i686.rpm Is it possible to get this fix merged into our linux-c6-xorg-libs port? Also, the vuln.xml entry needs to be updated after this, as it wildcards all versions of linux-c6-xorg-libs as vulnerable with <range><ge>*</ge></range>.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-205578-4077-FwvTw0UkjN>