From owner-cvs-all Thu Dec 21 6: 4:47 2000 From owner-cvs-all@FreeBSD.ORG Thu Dec 21 06:04:43 2000 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123]) by hub.freebsd.org (Postfix) with ESMTP id CC96237B400; Thu, 21 Dec 2000 06:04:42 -0800 (PST) Received: (from kris@localhost) by citusc.usc.edu (8.9.3/8.9.3) id GAA26902; Thu, 21 Dec 2000 06:05:57 -0800 Date: Thu, 21 Dec 2000 06:05:57 -0800 From: Kris Kennaway To: Josef Karthauser Cc: Kris Kennaway , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, reg@FreeBSD.org Subject: Re: cvs commit: ports/x11/XFree86-aoutlibs Makefile Message-ID: <20001221060557.C26775@citusc.usc.edu> References: <200012210319.eBL3JEE44842@freefall.freebsd.org> <20001221122440.F628@tao.org.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="/e2eDi0V/xtL+Mc8" Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20001221122440.F628@tao.org.uk>; from joe@tao.org.uk on Thu, Dec 21, 2000 at 12:24:40PM +0000 Sender: kris@citusc.usc.edu Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2000 at 12:24:40PM +0000, Josef Karthauser wrote: > On Wed, Dec 20, 2000 at 07:19:14PM -0800, Kris Kennaway wrote: > > kris 2000/12/20 19:19:14 PST > >=20 > > Modified files: > > x11/XFree86-aoutlibs Makefile=20 > > Log: > > Mark FORBIDDEN: All released XFree86 3.x versions have remote denial = of > > service and code execution vulnerabilities in some of the libraries. >=20 > Doesn't netscape still depend upon these? (Is there anyway that we can > get the netscape guys to support the current state of reality?) Yes. A solution would be to roll our own copy of the XFree86 3.3.3 libraries + security patches. I don't know if there were any other security fixes since 3.3.3 apart from the ones committed to the 3.3.6 port a few months ago, though. Kris --/e2eDi0V/xtL+Mc8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Qg5AWry0BWjoQKURAil4AKDtA4iPF0TtOSsCOtvtgZBK4FuIzgCgmfI3 HUD6qiw3XfhZsFKPItyTSCo= =UQu+ -----END PGP SIGNATURE----- --/e2eDi0V/xtL+Mc8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message