CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]  2009/09/04 14:24:25

Modified files:
        x11/slim       : Makefile 
Added files:
        x11/slim/patches: patch-app_cpp patch-app_h patch-switchuser_cpp 

Log message:
Add a bunch of patches to fix CVE-2009-1756, also reported in debian bz
#529306 & FreeBSD PR134801 :
The security issue is caused by slim generating the X authority file
by passing the X authority cookie via the command line to "xauth".
This can be exploited to disclose the X authority cookie by consulting
the process list and e.g. gain access to the user's display.
While here, use slightly better random seeding for cookie generation.

Patches adapted from the ones provided to debian/FreeBSD by Eygene Ryabinkin 
<[email protected]>
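
An added illustration of the issue described in the log message, not slim's code and not the committed patches: the first function builds an xauth invocation with the cookie in argv, the others keep argv free of the secret and send the cookie over a pipe to xauth's standard input. Function names, the authority file path and the cookie value are constructed for the example.

```cpp
// Added illustration; function names and sample values are hypothetical.
#include <csignal>
#include <cstdio>
#include <iostream>
#include <string>

// Pattern from the log message: the cookie is an xauth argument, so it shows
// up in the process list for as long as xauth runs.
std::string xauth_cmd_cookie_in_argv(const std::string& authfile,
                                     const std::string& display,
                                     const std::string& cookie) {
    return "xauth -f " + authfile + " -q add " + display + " . " + cookie;
}

// Safer form: argv names only the authority file; with no command on the
// command line, xauth reads its commands from standard input.
std::string xauth_cmd_no_secret(const std::string& authfile) {
    return "xauth -f " + authfile + " -q";
}

// Commands carrying the cookie, sent over the pipe instead of argv.
std::string xauth_stdin_script(const std::string& display,
                               const std::string& cookie) {
    return "remove " + display + "\nadd " + display + " . " + cookie + "\nexit\n";
}

// Start cmd through popen() and write script to its stdin.
// cmd is handed to /bin/sh, so it must be built from trusted strings only.
bool run_with_stdin(const std::string& cmd, const std::string& script) {
    FILE* p = popen(cmd.c_str(), "w");
    if (!p) return false;
    bool wrote = fwrite(script.data(), 1, script.size(), p) == script.size();
    int status = pclose(p);
    return wrote && status == 0;
}

int main() {
    std::signal(SIGPIPE, SIG_IGN);  // a missing xauth must not kill the demo
    const std::string authfile = "/tmp/demo.Xauthority";            // constructed
    const std::string cookie = "00112233445566778899aabbccddeeff";  // constructed
    std::cout << "argv with cookie:    "
              << xauth_cmd_cookie_in_argv(authfile, ":0", cookie) << "\n"
              << "argv without cookie: " << xauth_cmd_no_secret(authfile) << "\n";
    // Needs xauth installed; writes only to the constructed authfile above.
    bool ok = run_with_stdin(xauth_cmd_no_secret(authfile),
                             xauth_stdin_script(":0", cookie));
    std::cout << (ok ? "cookie stored via stdin\n" : "xauth failed or missing\n");
    return 0;
}
```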
