Opened 4 years ago
Closed 4 years ago
Last modified 4 years ago
#11813 closed enhancement (fixed)
Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
New point version
This release provides a fix for CVE-2017-2625 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc version of 2.25 or newer. (libXdmcp 1.1.2 already ensured that arc4random_buf() is used on platforms that have it to provide sufficient entropy in XDMCP key generation, but left other platforms with the weaker methods. Linux platforms could also have linked against libbsd to use arc4random_buf() with libXdmcp 1.1.2 for stronger keys.)

Alan Coopersmith (2):
  Update README for gitlab migration
  libXdmcp 1.1.3

Benjamin Tissoires (2):
  Use getentropy() if arc4random_buf() is not available
  Fix compilation error when arc4random_buf is not available

Emil Velikov (1):
  autogen.sh: use quoted string variables

Helmut Grohne (1):
  do not use &fullrelvers; in xdmcp.xml (Debian bug 761628)

Jon TURNEY (1):
  Link with winsock library for socket functions on MinGW

Mihail Konev (1):
  autogen: add default patch prefix

Peter Hutterer (1):
  autogen.sh: use exec instead of waiting for configure to finish
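The source-selection order described in the release notes, as an added example that is not libXdmcp's own code and not part of the original ticket: prefer arc4random_buf(), otherwise use getentropy(), and fail closed rather than drop to a weaker source. `HAVE_ARC4RANDOM_BUF` is an assumed configure-style macro, and `strong_random()`, `generate_key()` and the 8-byte `KEY_LEN` are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>      /* arc4random_buf() where the C library provides it */
#include <string.h>
#include <unistd.h>      /* getentropy() on most platforms */
#include <sys/random.h>  /* getentropy() on glibc >= 2.25 */

#define KEY_LEN 8           /* constructed key size for this example */
#define GETENTROPY_MAX 256  /* getentropy() fails for larger requests */

/* Fill buf with len bytes from the strongest available source.
 * HAVE_ARC4RANDOM_BUF is an assumed configure-style macro.
 * Returns 0 on success, -1 if no strong source delivered the bytes. */
int strong_random(void *buf, size_t len)
{
#ifdef HAVE_ARC4RANDOM_BUF
    arc4random_buf(buf, len);          /* cannot fail */
    return 0;
#else
    unsigned char *p = buf;
    while (len > 0) {
        /* Requests are split because getentropy() caps one call at 256 bytes. */
        size_t chunk = len > GETENTROPY_MAX ? GETENTROPY_MAX : len;
        if (getentropy(p, chunk) != 0)
            return -1;                 /* e.g. ENOSYS on a kernel older than 3.17 */
        p += chunk;
        len -= chunk;
    }
    return 0;
#endif
}

/* Hypothetical key generator: on failure it clears the buffer and reports
 * the error instead of handing back a key built from a weaker source. */
int generate_key(unsigned char key[KEY_LEN])
{
    if (strong_random(key, KEY_LEN) != 0) {
        memset(key, 0, KEY_LEN);
        return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char key[KEY_LEN];
    if (generate_key(key) != 0) {
        fputs("no strong entropy source available\n", stderr);
        return 1;
    }
    puts("key generated from a strong entropy source");
    return 0;
}
```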
Change History (4)
comment:1 by , 4 years ago
Status: new → assigned
comment:2 by , 4 years ago
Summary: libXdmcp-1.1.3 (Xorg Library) (CVE-2017-2625) → libXdmcp-1.1.3 (CVE-2017-2625)
We have this as a separate page, not part of xorg-libs.
comment:3 by , 4 years ago
Status: assigned → closed
Fixed at revision 21348.
comment:4 by , 4 years ago
Milestone: 8.5 → 9.0
I can update all the Xorg libraries at once. Waiting to see if there are any more.