diff options
| author | Koop Mast <kwm@FreeBSD.org> | 2017-10-13 16:53:53 +0000 |
|---|---|---|
| committer | Koop Mast <kwm@FreeBSD.org> | 2017-10-13 16:53:53 +0000 |
| commit | fd0c450d4ff3c6f23bb73c7518ef7be38c81920e (patch) | |
| tree | 92fecf3c02bfaa5d683dd62620c2ac3d7b7dea9c | |
| parent | 6d16ac2aa8664b00260810a57262b195f5ef5ed5 (diff) | |
| download | ports-fd0c450d4ff3c6f23bb73c7518ef7be38c81920e.tar.gz ports-fd0c450d4ff3c6f23bb73c7518ef7be38c81920e.zip | |
Document xorg-server CVEs 2017-12176 through 2017-12187.
While here replace the SO-AND-SO part in the description of the previous xorg-server entry[1], with the Alan Coopersmith who send the announce mail to xorg-announce@ mailing list.
[1] entry: 4f8ffb9c-f388-4fbd-b90f-b3131559d888
Notes
Notes:
svn path=/head/; revision=452022
| -rw-r--r-- | security/vuxml/vuln.xml | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d0cc3c3882c5..a51e64aa049f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,64 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7274e0cc-575f-41bc-8619-14a41b3c2ad0"> + <topic>xorg-server -- multiple vulnabilities</topic> + <affects> + <package> + <name>xephyr</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-dmx</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-nestserver</name> + <range><lt>1.19.1_2,2</lt></range> + </package> + <package> + <name>xorg-server</name> + <range><lt>1.18.4_5,1</lt></range> + </package> + <package> + <name>xorg-vfbserver</name> + <range><lt>1.19.1_2,1</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>1.19.1_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Adam Jackson reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2017-October/002814.html"> + <p>One regression fix since 1.19.4 (mea culpa), and fixes for + CVEs 2017-12176 through 2017-12187.</p> + </blockquote> + </body> + </description> + <references> + <url>https://lists.x.org/archives/xorg-announce/2017-October/002814.html</url> + <cvename>CVE-2017-12176</cvename> + <cvename>CVE-2017-12177</cvename> + <cvename>CVE-2017-12178</cvename> + <cvename>CVE-2017-12179</cvename> + <cvename>CVE-2017-12180</cvename> + <cvename>CVE-2017-12181</cvename> + <cvename>CVE-2017-12182</cvename> + <cvename>CVE-2017-12183</cvename> + <cvename>CVE-2017-12184</cvename> + <cvename>CVE-2017-12185</cvename> + <cvename>CVE-2017-12186</cvename> + <cvename>CVE-2017-12187</cvename> + </references> + <dates> + <discovery>2017-10-12</discovery> + <entry>2017-10-13</entry> + </dates> + </vuln> + <vuln vid="e837390d-0ceb-46b8-9b32-29c1195f5dc7"> <topic>solr -- Code execution via entity expansion</topic> <affects> @@ -423,7 +481,7 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>Alan Coopersmith reports:</p> <blockquote cite="https://lists.x.org/archives/xorg-announce/2017-October/002809.html"> <p>X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of |