---------- Forwarded message ---------- Date: Fri, 26 Jun 1998 15:19:26 -0700 From: Ray Johnson <fooat_private> Subject: SECURITY FIX - TclPro Debugger beta release 1 & 2 Newsgroups: comp.lang.tcl Attention! - All users of the beta releases of the TclPro Debugger Problem: The 1.0 beta 1 & 1.0 beta 2 releases of the TclPro Debugger contain a security hole. A bug in those releases makes the debugger vulnerable to malicious attacks on the port the debugger listens on for connections with Tcl applications. Solution: We suggest that if you are currently using either TclPro Debugger beta 1 or beta 2 that you stop using it and download the beta 3 version of TclPro Debugger. The beta 3 release contains no known security related bugs. As with any beta software, we recommend that you never run the debugger as root or on machines that are critical to your environment. We are working hard to produce the best software possible and apologize in advance for any bugs in our beta releases. We also want to thank our beta testers for finding bugs, making suggestions and in general helping us to improve our products. Ray Johnson Engineering Manager for TclPro P.S. You will find the beta 3 version of TclPro Debugger has additional enhancements (aside from the security fix) that are significant.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:00:48 PDT