[17232] in bugtraq

Re: another Xlib buffer overflow

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Mon Oct 16 14:03:08 2000

Message-Id:  <20001015212358.A26573@citusc17.usc.edu>
Date:         Sun, 15 Oct 2000 21:23:58 -0700
Reply-To: Kris Kennaway <kris@CITUSC.USC.EDU>
From: Kris Kennaway <kris@CITUSC.USC.EDU>
X-To:         Matthieu Herrb <matthieu@laas.fr>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <14823.32893.941728.85487@laas.fr>; from matthieu@laas.fr on Fri,
              Oct 13, 2000 at 11:37:01PM +0200

On Fri, Oct 13, 2000 at 11:37:01PM +0200, Matthieu Herrb wrote:

> It was fixed in XFree86 4.0. From the CHANGELOG:
>
> XFree86 3.9Nu (13 January 1999)
> [...]
> 2141. Fix some sun_path overflows in xtrans.

Wow, there's nothing like supporting the product release which
everyone actually uses.

XFree86 did the same thing with the other security problems a few
months ago (fixed it silently in 4.0.1 and forced vendors who care to
manually hunt down and extract the patches from their CVS repo and
apply them by hand to their 3.3.6 package). Mail to their security
contact address also went unanswered on this issue.

Kris
