FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7274e0cc-575f-41bc-8619-14a41b3c2ad0xorg-server -- multiple vulnabilities

Adam Jackson reports:

One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-12176 through 2017-12187.


Discovery 2017-10-12
Entry 2017-10-13
xephyr
lt 1.18.4_5,1

xorg-dmx
lt 1.18.4_5,1

xorg-nestserver
lt 1.19.1_2,2

xorg-server
lt 1.18.4_5,1

xorg-vfbserver
lt 1.19.1_2,1

xwayland
lt 1.19.1_2

https://lists.x.org/archives/xorg-announce/2017-October/002814.html
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
lt 1.20.8_4,1

xephyr
lt 1.20.8_4,1

xorg-vfbserver
lt 1.20.8_4,1

xorg-nestserver
lt 1.20.8_4,1

xwayland
lt 1.20.8_4,1

xorg-dmx
lt 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
4f8ffb9c-f388-4fbd-b90f-b3131559d888xorg-server -- multiple vulnabilities

Alan Coopersmith reports:

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release.


Discovery 2017-10-04
Entry 2017-10-09
xephyr
lt 1.18.4_4,1

xorg-dmx
lt 1.18.4_4,1

xorg-nestserver
lt 1.19.1_1,2

xorg-server
lt 1.18.4_4,1

xorg-vfbserver
lt 1.19.1_1,1

xwayland
lt 1.19.1_1

https://lists.x.org/archives/xorg-announce/2017-October/002809.html
CVE-2017-13721
CVE-2017-13723
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
lt 1.20.9_1,1

xephyr
lt 1.20.9_1,1

xorg-vfbserver
lt 1.20.9_1,1

xorg-nestserver
lt 1.20.9_1,1

xwayland
lt 1.20.9_2,1

xorg-dmx
lt 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
lt 1.20.8_3,1

xephyr
lt 1.20.8_3,1

xorg-vfbserver
lt 1.20.8_3,1

xorg-nestserver
lt 1.20.8_3,1

xwayland
lt 1.20.8_3,1

xorg-dmx
lt 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347