> On Mar 8, 2020, at 07:03, Olbert, Nils <i17...@hb.dhbw-stuttgart.de> wrote: > > Hello, > > I am not completely sure if this is the right mailing list for asking this > question, but since the x11-users list seems to be broken (you cannot > register as a subscriber (results in a "We're sorry, we hit a bug!"-Error)
Can you point me to the link you are using? I can file a ticket to look into it. > , nor seem incoming messages to be processed (I sent this question to that > list before in early February)), I am gonna ask it here: There are messages on the list from February. > <mailto:x11-us...@lists.apple.com> > The last version of XQuartz available for download is from 2016. Yeah, that's the last time I had any free time to package everything up into a release, and nobody has stepped up to take that over. If you want the latest versions, I suggest using MacPorts to install it. > Since then, some serious security vulnerabilities has been spotted in X, f.e. > CVE-2017-10972 or https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=x.org > <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=x.org> . > Is XQuartz immune to all of them or must installing XQuartz be considered as > a security issue? I'm not aware of any that I'd consider extremely alarming. Most of the vulnerabilities that I recall were around privilege escalation to root because Xorg runs as root on other platforms. Since the server runs as the user on macOS, that's not as big a concern. > > Kind regards, > Nils Olbert > > > _______________________________________________ > Xquartz-dev mailing list > Xquartz-dev@lists.macosforge.org <mailto:Xquartz-dev@lists.macosforge.org> > https://lists.macosforge.org/mailman/listinfo/xquartz-dev > <https://lists.macosforge.org/mailman/listinfo/xquartz-dev>
_______________________________________________ Xquartz-dev mailing list Xquartz-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/xquartz-dev
