FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2023-05-31 15:52:08 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7274e0cc-575f-41bc-8619-14a41b3c2ad0	xorg-server -- multiple vulnerabilities Adam Jackson reports: One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-12176 through 2017-12187. Discovery 2017-10-12 Entry 2017-10-13 xephyr < 1.18.4_5,1 xorg-dmx < 1.18.4_5,1 xorg-nestserver < 1.19.1_2,2 xorg-server < 1.18.4_5,1 xorg-vfbserver < 1.19.1_2,1 xwayland < 1.19.1_2 https://lists.x.org/archives/xorg-announce/2017-October/002814.html CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335	xorg-server -- Multiple input validation failures in X server extensions The X.org project reports: All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. The handler for the XkbSetNames request does not validate the request length before accessing its contents. An integer underflow exists in the handler for the XIChangeHierarchy request. An integer underflow exist in the handler for the XkbSelectEvents request. An integer underflow exist in the handler for the CreateRegister request of the X record extension. Discovery 2020-08-25 Entry 2020-08-25 xorg-server < 1.20.8_4,1 xephyr < 1.20.8_4,1 xorg-vfbserver < 1.20.8_4,1 xorg-nestserver < 1.20.8_4,1 xwayland < 1.20.8_4,1 xorg-dmx < 1.20.8_4,1 CVE-2020-14345 CVE-2020-14346 CVE-2020-14361 CVE-2020-14362 https://lists.x.org/archives/xorg-announce/2020-August/003058.html
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0	xorg-server -- Pixel Data Uninitialized Memory Information Disclosure The X.org project reports: Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client. Discovery 2020-07-31 Entry 2020-08-01 xorg-server < 1.20.8_3,1 xephyr < 1.20.8_3,1 xorg-vfbserver < 1.20.8_3,1 xorg-nestserver < 1.20.8_3,1 xwayland < 1.20.8_3,1 xorg-dmx < 1.20.8_3,1 https://lists.x.org/archives/xorg-announce/2020-July/003051.html CVE-2020-14347
4f8ffb9c-f388-4fbd-b90f-b3131559d888	xorg-server -- multiple vulnerabilities Alan Coopersmith reports: X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release. Discovery 2017-10-04 Entry 2017-10-09 xephyr < 1.18.4_4,1 xorg-dmx < 1.18.4_4,1 xorg-nestserver < 1.19.1_1,2 xorg-server < 1.18.4_4,1 xorg-vfbserver < 1.19.1_1,1 xwayland < 1.19.1_1 https://lists.x.org/archives/xorg-announce/2017-October/002809.html CVE-2017-13721 CVE-2017-13723
76c8b690-340b-11eb-a2b7-54e1ad3d6335	xorg-server -- Multiple input validation failures in X server XKB extension The X.org project reports: These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged. Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server. Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server. Discovery 2020-12-01 Entry 2020-12-01 xorg-server < 1.20.9_1,1 xephyr < 1.20.9_1,1 xorg-vfbserver < 1.20.9_1,1 xorg-nestserver < 1.20.9_1,1 xwayland < 1.20.9_2,1 xorg-dmx < 1.20.9_1,1 https://lists.x.org/archives/xorg-announce/2020-December/003066.html CVE-2020-14360 CVE-2020-25712