Re: Recent vulnerabilities in xorg-server
- From: Eygene Ryabinkin <rea-fbsd@xxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 11:29:22 +0300
May I remind you about Xorg issues. Or you're already identified
them as false-positive? I can not see the vulnerability in the
so I assume that it was either considered false or not yes processed.
Thu, Jan 11, 2007 at 10:56:16AM +0300, Eygene Ryabinkin wrote:
Remko, good day!
Thanks for the notification! We are kinda busy at theAttached. The discovery date is given by the date of the
moment, so if you could spare a minute and write a
VuXML entry (a draft would also suffice), we can
more easily add it. If you are unable to do so, no
probs, but it is likely to take a bit longer to
get the things incorporated.
original posts in Securityfocus bugtraq list:
The disclosure timeline is different (the same for all three posts):
VIII. DISCLOSURE TIMELINE
12/04/2006 Initial vendor notification
12/05/2006 Initial vendor response
01/09/2007 Coordinated public disclosure
Thanks for using FreeBSD and your willingness to improveYou're welcome ;))
the product! It is being appriciated.
<topic>xorg-server -- multiple vulnerabilities.</topic>
<p>CVE-2006-6101 CVE-2006-6102 CVE-2006-6103: The
ProcDbeGetVisualInfo(), ProcDbeSwapBuffer() and
ProcRenderAddGlyphs() functions in the X server, implementing
requests for the dbe and render extensions, may be used to
overwrite data on the stack or in other parts of the X
<p>CVE-2006-2006-3739 and CVE 2006-3740: It may be possible
for a user with the ability to set the X server font path,
by making it point to a malicious font, to cause arbitrary
code execution or denial of service on the X server.</p>
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
- Next by Date: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
- Previous by thread: Re: Recent vulnerabilities in xorg-server
- Next by thread: FreeBSD Security Advisory FreeBSD-SA-07:01.jail