FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
lt 1.20.9_1,1

xephyr
lt 1.20.9_1,1

xorg-vfbserver
lt 1.20.9_1,1

xorg-nestserver
lt 1.20.9_1,1

xwayland
lt 1.20.9_2,1

xorg-dmx
lt 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
lt 1.20.8_4,1

xephyr
lt 1.20.8_4,1

xorg-vfbserver
lt 1.20.8_4,1

xorg-nestserver
lt 1.20.8_4,1

xwayland
lt 1.20.8_4,1

xorg-dmx
lt 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
465db5b6-9c6d-11eb-8e8a-bc542f4bd1ddxorg-server -- Input validation failures in X server XInput extension

X.Org server security reports for release 1.20.11:

  • Fix XChangeFeedbackControl() request underflow

.


Discovery 2021-04-13
Entry 2021-04-13
xorg-server
lt 1.20.11,1

xwayland
lt 1.20.11,1

xwayland-devel
le 1.20.0.877

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
lt 1.20.8_3,1

xephyr
lt 1.20.8_3,1

xorg-vfbserver
lt 1.20.8_3,1

xorg-nestserver
lt 1.20.8_3,1

xwayland
lt 1.20.8_3,1

xorg-dmx
lt 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347