Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw

From: Theo de Raadt (deraadtat_private)
Date: Thu Apr 30 1998 - 13:43:46 PDT

    > Patches to address this vulnerability have been given to X Project Team
    > members:
    >
    >     Astec
    >     Attachmate
    >     BARCO Chromatics
    >     CliniComp International
    >     Digital
    >     Hewlett-Packard
    >     Hitachi
    >     Hummingbird Communications
    >     IBM
    >     Jupiter Systems
    >     Metro Link
    >     Network Computing Devices
    >     NetManage
    >     Peritek
    >     Seaweed Systems
    >     Sequent Computer Systems
    >     Shiman Associates
    >     Silicon Graphics
    >     Societe Axel
    >     Siemens Nixdorf
    >     Starnet
    >     SunSoft
    >     WRQ
    >     Xi Graphics
    >
    > The X Project Team periodically makes public patches available to fix a
    > variety of problems. Announcements about the availability of these patches
    > are made on the Usenet comp.windows.x.announce newsgroup. The patches,
    > when they become available, may be found on ftp://ftp.x.org/pub/R6.4/fixes/.
    > The X Project Team only supplies patches for the latest release -- we do
    > not make patches for prior releases.
    >
    > Information on joining The Open Group can be found at
    >
    >         http://www.opengroup.org/howtojoin.htm
    
    What is this?  Is The Open Group now selling security patches only to
    their members?
    
    I asked the XFree86 people.  They have received no communication from TOG
    about this at all.  I think this is extremely bad ethics on the part of
    TOG to publish information on a security problem and then only give fixes
    to people who have given them money.
    
    Secondly, I think CERT has been somewhat negligent in letting this
    kind of advisory through; don't they usually say they have a policy of
    making sure all the vendors have been contacted?
    
    Considering how many thousands and thousands of people use XFree86, what
    happened here, did CERT forget about them?
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:52 PDT