On Mar 8, 2020, at 07:03, Olbert, Nils <i17026@hb.dhbw-stuttgart.de> wrote:
Hello,
I am not completely sure if this is the right mailing list for asking this question, but since the x11-users list seems to be broken (you cannot register as a subscriber (results in a "We're sorry, we hit a bug!"-Error)
Can you point me to the link you are using? I can file a ticket to look into it.
, nor seem incoming messages to be processed (I sent this question to that list before in early February)), I am gonna ask it here:
There are messages on the list from February.
<mailto:x11-users@lists.apple.com> The last version of XQuartz available for download is from 2016.
Yeah, that's the last time I had any free time to package everything up into a release, and nobody has stepped up to take that over. If you want the latest versions, I suggest using MacPorts to install it.
Since then, some serious security vulnerabilities has been spotted in X, f.e. CVE-2017-10972 or https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=x.org <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=x.org> . Is XQuartz immune to all of them or must installing XQuartz be considered as a security issue?
I'm not aware of any that I'd consider extremely alarming. Most of the vulnerabilities that I recall were around privilege escalation to root because Xorg runs as root on other platforms. Since the server runs as the user on macOS, that's not as big a concern.
Kind regards, Nils Olbert
_______________________________________________ Xquartz-dev mailing list Xquartz-dev@lists.macosforge.org <mailto:Xquartz-dev@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/xquartz-dev <https://lists.macosforge.org/mailman/listinfo/xquartz-dev>