Subject: Re: CVS commit: xsrc/xc
To: None <itojun@iijlab.net>
From: Jim Wise <jwise@draga.com>
List: tech-x11
Date: 09/09/2002 23:35:41
On Tue, 10 Sep 2002 itojun@iijlab.net wrote:
>>> where could i find that statement? URL? as far as i checked they
>>> use the same codepath therefore not fixing 3.3 seems to be a wrong
>>> thing.
>>Itojun,
>>As tron is listed in 3DPARTY as the responsible maintainer for the
>>XFree86 codebase in xsrc, and as he has looked into the matter and
>>concluded that XF86 3.x is not vulnerable (something I also seem to
>>recall from the original announcement of this vulnerability), it would
>>seem that _you_ should provide evidence that the codebase in question
>>_is_ vulnerable before going in and modifying it this close to a
>>release.
>>
>>Do you have any specific reason to believe that the code in question is
>>vulnerable?
>
> try a diff between these two code. they are identical!
Are they used the same way? Is the code path leading to them the same?
Is there a reason that both XFree.org and our X11 maintainer seem to
have concluded that the XF86 3 code is not vulnerable? Wouldn't it seem
to warrant checking with said maintainer before changing code this close
to a release?
--
Jim Wise
jwise@draga.com