My apologies if you replied to the mail quoted below; I never received one. As far as I can tell, Red Hat's webpages have not been updated with the corrected information. Are there any plans to do so? On Mon, Sep 20, 1999 at 12:30:04AM -0400, branden wrote: > Hi Preston, > > In Red Hat's recent announcement, there is the following text: > > > Thanks go to Branden Robinson <branden@debian.org> for discovering a > > possible symlink attack in the xkb extension initialization at server > > startup time. > > I appreciate the mention, but I cannot claim credit for having discovered > this vulnerability. Credit for that, as far as I know, goes to Olaf Kirch > <okir@lst.de>, who announced it to the vendor-sec list. > > I did, however, author the fix, which was accepted into the XFree86 source > tree upstream and which I mailed to you. -- G. Branden Robinson | Debian GNU/Linux | Music is the brandy of the damned. branden@ecn.purdue.edu | -- George Bernard Shaw cartoon.ecn.purdue.edu/~branden/ |
Attachment:
pgpmIEMth539h.pgp
Description: PGP signature