Subject: Re: CVS commit: xsrc/xc
To: None <itojun@iijlab.net>
From: Jim Wise <jwise@draga.com>
List: tech-x11
Date: 09/09/2002 14:47:08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 7 Sep 2002 itojun@iijlab.net wrote:

>>> This is 3.3 tree.
>>Which is according to the XFree86 maintainers not vulnerable. Could
>>some please tell me why this was necessary?
>
>	where could i find that statement?  URL?  as far as i checked they
>	use the same codepath therefore not fixing 3.3 seems to be a wrong
>	thing.

Itojun,
As tron is listed in 3DPARTY as the responsible maintainer for the
XFree86 codebase in xsrc, and as he has looked into the matter and
concluded that XF86 3.x is not vulnerable (something I also seem to
recall from the original announcement of this vulnerability), it would
seem that _you_ should provide evidence that the codebase in question
_is_ vulnerable before going in and modifying it this close to a
release.

Do you have any specific reason to believe that the code in question is
vulnerable?

- -- 
				Jim Wise
				jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)

iD8DBQE9fOyxlGcH240chEIRAvvzAKCVpRWlep4Gi8fATPzfbenTsvUsOQCgn6SD
0b5MRQ9ovdSvqcZI3yleW2c=
=dJUR
-----END PGP SIGNATURE-----