Subject: Re: CVS commit: xsrc/xc
To: None <firstname.lastname@example.org>
From: Jim Wise <email@example.com>
Date: 09/09/2002 23:35:41
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 10 Sep 2002 firstname.lastname@example.org wrote:
>>> where could i find that statement? URL? as far as i checked they
>>> use the same codepath therefore not fixing 3.3 seems to be a wrong
>>As tron is listed in 3DPARTY as the responsible maintainer for the
>>XFree86 codebase in xsrc, and as he has looked into the matter and
>>concluded that XF86 3.x is not vulnerable (something I also seem to
>>recall from the original announcement of this vulnerability), it would
>>seem that _you_ should provide evidence that the codebase in question
>>_is_ vulnerable before going in and modifying it this close to a
>>Do you have any specific reason to believe that the code in question is
> try a diff between these two code. they are identical!
Are they used the same way? Is the code path leading to them the same?
Is there a reason that both XFree.org and our X11 maintainer seem to
have concluded that the XF86 3 code is not vulnerable? Wouldn't it seem
to warrant checking with said maintainer before changing code this close
to a release?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
-----END PGP SIGNATURE-----