Hell,
I've seen that "security hole" in zvg, reported in linux-security
etc. They say:
> From: ksrt <ksrt@dec.net>
> To: linux-security@redhat.com
> Subject: [linux-alert] svgalib/zgv
>
> [..]
>
> Patch/Fix: svgalib-1.2.11 will address this security issue. Look
> for our upcoming paper on vulnerabilities in svgalib
> that will explain proper programming methods and other
> potential problems with svgalib applications.
I've been searching the archives for svgalib-1.2.11, but cannot find
it anywhere (yes they say "will address"). Is there anybody here who
knows where to find this?
I used to think them dec people were competent, but with a security
allert that doesn't even attempt to explain where the hole is, and
no possibility of us really fixing it, I start to wonder.
--
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .