On Tue, Jul 06, 1999 at 02:58:13PM -0400, John G's Debian mail acct wrote:
> - xfs and XFree86 were not vulnerable in slink; I assume the same for hamm;

The vulnerability in question was introduced by XFree86 3.3.3. Debian never released 3.3.3 .debs; by the time I got around to moving up to the new upstream version after 3.3.2.3, 3.3.3.1 was out and the symlink attack problem was known about, so I made sure it was fixed in the initial packaging.

So, to put it simply, your assumption is correct. Hamm was not vulnerable either; the version of XFree86 it used predated the introduction of the vulnerability.

That is perhaps the only advantage we derived from being so slow to Debianize XFree86 3.3.3(.1). But it was indeed a nice advantage from the security paranoiac's perspective.

-- 
G. Branden Robinson              |   It doesn't matter what you are doing,
Debian GNU/Linux                 |   emacs is always overkill.
branden@ecn.purdue.edu           |   -- Stephen J. Carpenter
cartoon.ecn.purdue.edu/~branden/ |