Xt xterm security hole

To: Debian developers list <debian-devel@lists.debian.org>
Cc: steve@greenend.org.uk (Stephen Early)
Subject: Xt xterm security hole
From: Ian Jackson <ian@chiark.greenend.org.uk>
Date: Thu, 21 Nov 96 01:16 GMT
Message-id: <m0vQNkw-0004OHC@chiark.greenend.org.uk>

Premise: we should not ship 1.2 with a security bug that we know can
give away root access.

Believed-known fact: XFree86 as currently in frozen has such a bug.

Conclusion: we must do something to the XFree86 build in frozen before
we release.

We can do this in two ways:
 1. Push XFree86 3.2 into frozen.
 2. Apply a patch to fix the bug in frozen's source and rebuild X.

I don't know which of 1 or 2 we can should do, but surely we must do
one other the other and we must not release 1.2 without it.

Thanks,
Ian.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Xt xterm security hole
  - From: Stephen Early <steve@myrddin.greenend.org.uk>
- Re: Xt xterm security hole
  - From: Daniel Quinlan <quinlan@pathname.com>
- Re: Xt xterm security hole
  - From: bruce@pixar.com (Bruce Perens)

Prev by Date: Re: qmail as debian pkg
Next by Date: Re: Updates on the Passwd/Group changes proposal
Previous by thread: Re: The unanswered Question
Next by thread: Xt xterm security hole
Index(es):
- Date
- Thread