FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
08a125f3-e35a-11e7-a293-54e1ad3d6335	libXfont -- permission bypass when opening files through symlinks the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. Discovery 2017-11-25 Entry 2017-12-17 libXfont < 1.5.4 libXfont2 < 2.0.3 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 CVE-2017-16611
3b9590a1-e358-11e7-a293-54e1ad3d6335	libXfont -- multiple memory leaks The freedesktop.org project reports: If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory. Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was behind the `strings` buffer. This may crash the process or leak information. Discovery 2017-10-04 Entry 2017-12-17 libXfont < 1.5.3 libXfont2 < 2.0.2 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd CVE-2017-13720 CVE-2017-13722

VuXML ID

Description

08a125f3-e35a-11e7-a293-54e1ad3d6335

libXfont -- permission bypass when opening files through symlinks

the freedesktop.org project reports:

A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog.

Discovery 2017-11-25
Entry 2017-12-17
libXfont

< 1.5.4

libXfont2

< 2.0.3

https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
CVE-2017-16611

3b9590a1-e358-11e7-a293-54e1ad3d6335

libXfont -- multiple memory leaks

The freedesktop.org project reports:

If a pattern contains '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory.

Without the checks a malformed PCF file can cause the library to make atom from random heap memory that was behind the `strings` buffer. This may crash the process or leak information.

Discovery 2017-10-04
Entry 2017-12-17
libXfont

< 1.5.3

libXfont2

< 2.0.2

https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
CVE-2017-13720
CVE-2017-13722