Terry Kennedy <[email protected]> has reassigned Bugzilla Automation <[email protected]>'s request for maintainer-feedback to [email protected]: Bug 205578: x11/linux-c6-xorg-libs https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205578
--- Description --- "pkg audit" has been reporting: linux-c6-xorg-libs-7.4_3 is vulnerable: libXfont -- BDF parsing issues CVE: CVE-2015-1804 CVE: CVE-2015-1803 CVE: CVE-2015-1802 WWW: https://vuxml.FreeBSD.org/freebsd/f7d79fac-cd49-11e4-898f-bcaec565249c.html for quite some time now. It appears that the underlying vulnerability has been fixed by Red Hat since September: https://rhn.redhat.com/errata/RHSA-2015-1708.html#Red%20Hat%20Enterprise%20Linu x%20Desktop%20%28v.%206%29 and made it into the CentOS patch repository on the same day: http://mirror.centos.org/centos/6/updates/i386/Packages/libXfont-1.4.5-5.el6_7. i686.rpm Is it possible to get this fix merged into our linux-c6-xorg-libs port? Also, the vuln.xml entry needs to be updated after this, as it wildcards all versions of linux-c6-xorg-libs as vulnerable with <range><ge>*</ge></range>. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-emulation To unsubscribe, send any mail to "[email protected]"
