Xt xterm security hole
Premise: we should not ship 1.2 with a security bug that we know can
give away root access.
Believed-known fact: XFree86 as currently in frozen has such a bug.
Conclusion: we must do something to the XFree86 build in frozen before
we release.
We can do this in two ways:
1. Push XFree86 3.2 into frozen.
2. Apply a patch to fix the bug in frozen's source and rebuild X.
I don't know which of 1 or 2 we can should do, but surely we must do
one other the other and we must not release 1.2 without it.
Thanks,
Ian.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: