Subject: Re: CVS commit: xsrc/xc
To: None <>
From: Jim Wise <>
List: tech-x11
Date: 09/09/2002 23:35:41

On Tue, 10 Sep 2002 wrote:

>>>	where could i find that statement?  URL?  as far as i checked they
>>>	use the same codepath therefore not fixing 3.3 seems to be a wrong
>>>	thing.
>>As tron is listed in 3DPARTY as the responsible maintainer for the
>>XFree86 codebase in xsrc, and as he has looked into the matter and
>>concluded that XF86 3.x is not vulnerable (something I also seem to
>>recall from the original announcement of this vulnerability), it would
>>seem that _you_ should provide evidence that the codebase in question
>>_is_ vulnerable before going in and modifying it this close to a
>>Do you have any specific reason to believe that the code in question is
>	try a diff between these two code.  they are identical!

Are they used the same way?  Is the code path leading to them the same?
Is there a reason that both and our X11 maintainer seem to
have concluded that the XF86 3 code is not vulnerable?  Wouldn't it seem
to warrant checking with said maintainer before changing code this close
to a release?

-- 
				Jim Wise