
Xt xterm security hole



Ian Jackson writes:
 > Premise: we should not ship 1.2 with a security bug that we know can
 > give away root access.
 > 
 > Believed-known fact: XFree86 as currently in frozen has such a bug.
 > 
 > Conclusion: we must do something to the XFree86 build in frozen before
 > we release.
 > 
 > We can do this in two ways:
 >  1. Push XFree86 3.2 into frozen.

This has the disadvantage that XFree86-3.2 has not been extensively
tested as a Debian package.

 >  2. Apply a patch to fix the bug in frozen's source and rebuild X.

This is a major hassle because the XFree86-3.1.2 package was
incredibly awkward to build.

 > I don't know which of 1 or 2 we should do, but surely we must do
 > one or the other and we must not release 1.2 without it.

On balance, I favour option 1 over option 2. The XFree86-3.2 packages
have been 'in the field' for almost two weeks, and no show-stoppers
have been reported. I believe they are at least as good quality as the
XFree86-3.1.2 packages.

I will upload XFree86-3.2-1 shortly. I will leave the decision on what
to do with it up to other people.

Steve Early
