Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw

From: Peter Jeremy (peter.jeremyat_private)
Date: Thu Apr 30 1998 - 14:51:06 PDT


    On Thu, 30 Apr 1998 14:43:46 -0600, Theo de Raadt <deraadtat_private> wrote:
    >> Patches to address this vulnerability have been given to X Project Team
    >> members:
    ...
    >> The patches,
    >> when they become available, may be found on ftp://ftp.x.org/pub/R6.4/fixes/.
    >> The X Project Team only supplies patches for the latest release -- we do
    >> not make patches for prior releases.
    >What is this.  Is The Open Group now selling security patches only to
    >their members?
    That's about it I think.  TOG have changed the distribution conditions
    for X11R6.4 (and later) - check their website
    (http://www.opengroup.org/tech/desktop/x/) for details.
    
    >I asked the XFree86 people.  They have received no communication from TOG
    >about this at all.
    XFree86 have decided to stay with X11R6.3 because of the license changes
    (see http://www.xfree86.org/news/pr-980407.html).
    
    >  I think this is extremely bad ethics on the part of
    >TOG to publish information on a security problem and then only give fixes
    >to people who have given them money.
    I tend to agree.  Their excuse will be that they don't patch old releases,
    it's your choice not to stay current.
    
    At present, there doesn't appear to be any restriction on
    ftp://ftp.x.org/pub/R6.4/fixes/ (admittedly, it's empty).  If the
    patches are publicly available, it may be possible to work out the
    details of the bug and fix it in previous releases.
    
    Peter
    --
    Peter Jeremy (VK2PJ)                    peter.jeremyat_private
    Alcatel Australia Limited
    41 Mandible St                          Phone: +61 2 9690 5019
    ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
    


