Bugtraq mailing list archives
Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw
From: peter.jeremy () ALCATEL COM AU (Peter Jeremy)
Date: Fri, 1 May 1998 07:51:06 +1000
On Thu, 30 Apr 1998 14:43:46 -0600, Theo de Raadt <deraadt () CVS OPENBSD ORG> wrote:
Patches to address this vulnerability have been given to X Project Team members:
...
The patches, when they become available, may be found on ftp://ftp.x.org/pub/R6.4/fixes/. The X Project Team only supplies patches for the latest release -- we do not make patches for prior releases.What is this. Is The Open Group now selling security patches only to their members?
That's about it I think. TOG have change the distribution conditions for X11R6.4 (and later) - check their website (http://www.opengroup.org/tech/desktop/x/) for details.
I asked the XFree86 people. They have received no communication from TOG about this at all.
XFree86 have decided to stay with X11R6.3 because of the license changes (see http://www.xfree86.org/news/pr-980407.html).
I think this is extremely bad ethics on the part of TOG to publish information on a security problem and then only give fixes to people who have given them money.
I tend to agree. Their excuse will be that they don't patch old releases, it's your choice not to stay current. At present, there doesn't appear to be any restriction on ftp://ftp.x.org/pub/R6.4/fixes/ (admittedly, it's empty). If the patches are publicly available, it may be possible to work out the details of the bug and fix it in previous releases. Peter -- Peter Jeremy (VK2PJ) peter.jeremy () alcatel com au Alcatel Australia Limited 41 Mandible St Phone: +61 2 9690 5019 ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247
Current thread:
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Peter Jeremy (Apr 30)
- <Possible follow-ups>
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Perry E. Metzger (Apr 30)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Allanah Myles (Apr 30)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Alan Cox (May 01)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Snob Art Genre (May 01)
- RSI.0001.05-01-98.ALL.QUAKE_SERVER mea culpa (May 01)
- nestea does other things Ivan Moore (May 01)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Allanah Myles (Apr 30)
- Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw Keith Bostic (May 01)