Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Jan 1999 18:41:11 -0800 (PST)
From:      asami@FreeBSD.ORG (Satoshi Asami)
To:        matt@megaweapon.zigg.com
Cc:        ports@FreeBSD.ORG
Subject:   Re: Quick check on x11-toolkits/Xaw3d vulnerability
Message-ID:  <199901050241.SAA12828@bubble.didi.com>
In-Reply-To: <Pine.BSF.4.05.9901040935340.10073-100000@megaweapon.zigg.com> (message from Matt Behrens on Mon, 4 Jan 1999 09:37:24 -0500 (EST))

next in thread | previous in thread | raw e-mail | index | archive | help
 * From: Matt Behrens <matt@megaweapon.zigg.com>
 * 
 * Eariler this year, if everyone recalls, vulnerabilities were found
 * in the Xaw libraries that could give root shells with a simple run
 * of xterm.
 * 
 * I have recently begun using Xaw3d (1.5, from the ports collection)
 * and there *seems* to be no mention either in the port, the patches,
 * or the source itself of any vulnerabilities or fixes.  Yet all Xaw
 * advisories suggest that Xaw3d "may" be vulnerable.
 * 
 * Was this conciously upgraded to incorporate any fixes?

I'm not sure about the vulnerabilities (gosh, what a long word), but
the Xaw3d in the ports collection is still at R6.1/1.3.  I'll upgrade
it to R6.3/1.5 when I get around to it (hopefully later tonight).

Satoshi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901050241.SAA12828>