
svgalib where new version (security hole)


I've seen that "security hole" in zgv, reported in linux-security
etc. They say:

> From: ksrt <ksrt@dec.net>
> To: linux-security@redhat.com
> Subject: [linux-alert] svgalib/zgv
> [..]
> Patch/Fix:           svgalib-1.2.11 will address this security issue.  Look
> 		       for our upcoming paper on vulnerabilities in svgalib
> 		       that will explain proper programming methods and other
> 		       potential problems with svgalib applications.

I've been searching the archives for svgalib-1.2.11, but cannot find
it anywhere (yes they say "will address"). Is there anybody here who
knows where to find this?

I used to think them dec people were competent, but with a security
alert that doesn't even attempt to explain where the hole is, and
no possibility of us really fixing it, I start to wonder.

joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
