From owner-freebsd-ports  Mon Jan  4 06:37:54 1999
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA20659
          for freebsd-ports-outgoing; Mon, 4 Jan 1999 06:37:54 -0800 (PST)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA20652
          for <ports@freebsd.org>; Mon, 4 Jan 1999 06:37:52 -0800 (PST)
          (envelope-from matt@megaweapon.zigg.com)
Received: from localhost (matt@localhost)
	by megaweapon.zigg.com (8.8.8/8.8.8) with ESMTP id JAA10111
	for <ports@freebsd.org>; Mon, 4 Jan 1999 09:37:25 -0500 (EST)
	(envelope-from matt@megaweapon.zigg.com)
Date: Mon, 4 Jan 1999 09:37:24 -0500 (EST)
From: Matt Behrens <matt@megaweapon.zigg.com>
To: ports@FreeBSD.ORG
Subject: Quick check on x11-toolkits/Xaw3d vulnerability
Message-ID: <Pine.BSF.4.05.9901040935340.10073-100000@megaweapon.zigg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eariler this year, if everyone recalls, vulnerabilities were found
in the Xaw libraries that could give root shells with a simple run
of xterm.

I have recently begun using Xaw3d (1.5, from the ports collection)
and there *seems* to be no mention either in the port, the patches,
or the source itself of any vulnerabilities or fixes.  Yet all Xaw
advisories suggest that Xaw3d "may" be vulnerable.

Was this conciously upgraded to incorporate any fixes?

- Matt "Zigg" Behrens <matt@zigg.com>
  Network Administrator, zigg.com <http://www.zigg.com/>
  Engineer, Nameless IRC Network <http://www.nameless.net/>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message