svgalib where new version (security hole)
I've seen that "security hole" in zvg, reported in linux-security
etc. They say:
> From: ksrt <email@example.com>
> To: firstname.lastname@example.org
> Subject: [linux-alert] svgalib/zgv
> Patch/Fix: svgalib-1.2.11 will address this security issue. Look
> for our upcoming paper on vulnerabilities in svgalib
> that will explain proper programming methods and other
> potential problems with svgalib applications.
I've been searching the archives for svgalib-1.2.11, but cannot find
it anywhere (yes they say "will address"). Is there anybody here who
knows where to find this?
I used to think them dec people were competent, but with a security
allert that doesn't even attempt to explain where the hole is, and
no possibility of us really fixing it, I start to wonder.
joost witteveen, email@example.com
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .