author Niclas Zeising <zeising@FreeBSD.org> 2019-03-22 04:08:55 +0000
committer Niclas Zeising <zeising@FreeBSD.org> 2019-03-22 04:08:55 +0000
commit 9014201185ecfd1a39da312fee20f68e556eabc4 (patch)
tree 8be00ad5179848a99da590d3d7da00d2808c4906 /security
parent e365f55ff8ddb5639fb69ee88a569942856bc9dd (diff)
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 6d4957094a92..7f30d5b1ef3c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -132,8 +132,9 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The freedesktop and x.org project reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625">
- <p>It was discovered that libXdmcp before 1.1.3 including used weak
- entropy to generate session keys. On a multi-user system using
+ <p>It was discovered that libXdmcp before 1.1.3 used weak
+ entropy to generate session keys on platforms without
+ arc4random_buf() but with getentropy(). On a multi-user system using
xdmcp, a local attacker could potentially use information available
from the process list to brute force the key, allowing them to
hijack other users' sessions.</p>
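Review bot: the reworded sentence on the `+` lines sits inside `<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625">`, so locally edited wording is now presented as a quotation of the cited page, while the lead-in above it attributes the report to "The freedesktop and x.org project". Either point `cite` at the upstream source the new wording comes from, or move the platform qualifier into its own paragraph outside the blockquote. Please also double-check the condition "without arc4random_buf() but with getentropy()": as written it restricts the weak-entropy case to platforms that do have getentropy(), which reads more like the condition under which a fix applies than the condition under which the key is weak.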
@@ -150,6 +151,7 @@ Notes:
<dates>
<discovery>2017-04-04</discovery>
<entry>2019-03-21</entry>
+ <modified>2019-03-22</modified>
</dates>
</vuln>