From owner-freebsd-ports Mon Jan 4 18:41:48 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA15290 for freebsd-ports-outgoing; Mon, 4 Jan 1999 18:41:48 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from vader.cs.berkeley.edu (vader.CS.Berkeley.EDU [128.32.38.234]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA15284 for ; Mon, 4 Jan 1999 18:41:46 -0800 (PST) (envelope-from asami@sunrise.cs.berkeley.edu) Received: from bubble.didi.com (sji-ca11-14.ix.netcom.com [209.109.237.14]) by vader.cs.berkeley.edu (8.8.7/8.7.3) with ESMTP id SAA07585; Mon, 4 Jan 1999 18:41:19 -0800 (PST) Received: (from asami@localhost) by bubble.didi.com (8.8.8/8.8.8) id SAA12828; Mon, 4 Jan 1999 18:41:11 -0800 (PST) (envelope-from asami) Date: Mon, 4 Jan 1999 18:41:11 -0800 (PST) Message-Id: <199901050241.SAA12828@bubble.didi.com> To: matt@megaweapon.zigg.com CC: ports@FreeBSD.ORG In-reply-to: (message from Matt Behrens on Mon, 4 Jan 1999 09:37:24 -0500 (EST)) Subject: Re: Quick check on x11-toolkits/Xaw3d vulnerability From: asami@FreeBSD.ORG (Satoshi Asami) Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * From: Matt Behrens * * Eariler this year, if everyone recalls, vulnerabilities were found * in the Xaw libraries that could give root shells with a simple run * of xterm. * * I have recently begun using Xaw3d (1.5, from the ports collection) * and there *seems* to be no mention either in the port, the patches, * or the source itself of any vulnerabilities or fixes. Yet all Xaw * advisories suggest that Xaw3d "may" be vulnerable. * * Was this conciously upgraded to incorporate any fixes? I'm not sure about the vulnerabilities (gosh, what a long word), but the Xaw3d in the ports collection is still at R6.1/1.3. I'll upgrade it to R6.3/1.5 when I get around to it (hopefully later tonight). Satoshi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message