
Re: Proposal: security-patch team for hamm



On Tue, Jul 06, 1999 at 02:58:13PM -0400, John G's Debian mail acct wrote:
> - xfs and XFree86 were not vulnerable in slink; I assume the same for hamm;

The vulnerability in question was introduced by XFree86 3.3.3.  Debian
never released 3.3.3 .debs; by the time I got around to moving up to the
new upstream version after 3.3.2.3, 3.3.3.1 was out and the symlink attack
problem was known about, so I made sure it was fixed in the initial
packaging.  So, to put it simply, your assumption is correct.  Hamm was not
vulnerable either; the version of XFree86 it used predated the introduction
of the vulnerability.

That is perhaps the only advantage we derived from being so slow to
Debianize XFree86 3.3.3(.1).  But it was indeed a nice advantage from the
security paranoiac's perspective.

-- 
G. Branden Robinson              |    It doesn't matter what you are doing,
Debian GNU/Linux                 |    emacs is always overkill.
branden@ecn.purdue.edu           |    -- Stephen J. Carpenter
cartoon.ecn.purdue.edu/~branden/ |
