Hi
Are we aware of (concerned by) ftp://ftp.cert.org/pub/cert_bulletins/VB-98.04.xterm.Xaw ? it says that > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw > library distributed in various MIT X Consortium; X Consortium, Inc.; > and The Open Group X Project Team releases. These vulnerabilities may > be exploited by an intruder to gain root access. the only solutions seems to chmod 0755 `which xterm` thanks and bye a.m. ps: I have a proposal: why not do this: 1) create a debian mailing list (lets call it "debian-warning" just to make the point), for very sensitive informations, like the presence of a security bug in a package, or of a flaw that may damage data or similair. 2) advertise it on debian-* 3) tweack the smail and sendmail packages so that on the installation they will ask to the root (and strongly suggest) that he/she joins "debian-warning" , (and then do it automatically) This would create a channel that we now lack: "debian-warning" should be a list of very low traffic, so that people would really read it An example: some time ago someone by mistake uploaded a version of grep that was broken; I installed it, and lost functionality of some things I needed, and the lost a lot of time trying to understand what had gone wrong; had I received a message from debian-warning I would have not installed it. Another example is of course the above message. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
