#11813 closed enhancement (fixed)
libXdmcp-1.1.3 (CVE-2017-2625)
| Reported by: | Douglas R. Reno | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | high | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
This release provides a fix for CVE-2017-2625 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer. (libXdmcp 1.1.2 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in XDMCP
key generation, but left other platforms with the weaker methods. Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libXdmcp 1.1.2 for stronger keys.)
Alan Coopersmith (2):
Update README for gitlab migration
libXdmcp 1.1.3
Benjamin Tissoires (2):
Use getentropy() if arc4random_buf() is not available
Fix compilation error when arc4random_buf is not available
Emil Velikov (1):
autogen.sh: use quoted string variables
Helmut Grohne (1):
do not use &fullrelvers; in xdmcp.xml (Debian bug 761628)
Jon TURNEY (1):
Link with winsock library for socket functions on MinGW
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Change History (4)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
| Summary: | libXdmcp-1.1.3 (Xorg Library) (CVE-2017-2625) → libXdmcp-1.1.3 (CVE-2017-2625) |
|---|
We have this as a separate page, not part of xorg-libs.
Note:
See TracTickets
for help on using tickets.
I can update all the Xorg libraries at once. Waiting to see if there are any more.