Bugtraq mailing list archives
Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Thu, 30 Apr 1998 14:43:46 -0600
Patches to address this vulnerability have been given to X Project Team members: Astec Attachmate BARCO Chromatics CliniComp International Digital Hewlett-Packard Hitachi Hummingbird Communications IBM Jupiter Systems Metro Link Network Computing Devices NetManage Peritek Seaweed Systems Sequent Computer Systems Shiman Associates Silicon Graphics Societe Axel Siemens Nixdorf Starnet SunSoft WRQ Xi Graphics The X Project Team periodically makes public patches available to fix a variety of problems. Announcements about the availability of these patches is announced on the Usenet comp.windows.x.announce newsgroup. The patches, when they become available, may be found on ftp://ftp.x.org/pub/R6.4/fixes/. The X Project Team only supplies patches for the latest release -- we do not make patches for prior releases. Information on joining The Open Group can be found at http://www.opengroup.org/howtojoin.htm
What is this. Is The Open Group now selling security patches only to their members? I asked the XFree86 people. They have received no communication from TOG about this at all. I think this is extremely bad ethics on the part of TOG to publish information on a security problem and then only give fixes to people who have given them money. Secondly, I think CERT has been somewhat negligent in letting this kind of advisory through; don't they ussually say they have a policy of making sure all the vendors have been contacted? Considering how many thousands and thousands of people use XFree86, what happened here, did CERT forget about them?
Current thread:
- Some Past Frontpage Exploits chameleon (Apr 26)
- Re: Some Past Frontpage Exploits David LeBlanc (Apr 27)
- HP-UX glance bug (#4?) J.A. Gutierrez (Apr 27)
- CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Aleph One (Apr 27)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Theo de Raadt (Apr 30)
- IEEE newsletter on Security & Privacy Avi Rubin (Apr 27)