Message-ID: <email address hidden> Date: Wed, 16 Feb 2005 11:28:19 +0100 From: Martin Pitt <email address hidden> To: <email address hidden> Subject: Re: multiple security holes in XPM code (CAN-2004-0914)
--PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
Hi!
Please note that the new upstream only fixes lesstif2, not lesstif1:
This directory contains fixed sources:
http://cvs.sourceforge.net/viewcvs.py/lesstif/lesstif/lib/Xm-2.1/
However, this doesn't:
http://cvs.sourceforge.net/viewcvs.py/lesstif/lesstif/lib/Xm/
However, fixing that is an enormous task. In this directory the Xpm source is merged into one big C file and function names have been renamed, so that the huuuuge patch must be applied manually.
Martin --=20 Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
--PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCEyBDDecnbV4Fd/IRAmlHAJ0Vv3ftk++FugzMV5VP4S3lNF9CZACgwv0r +zyL7RqOIT1PpuQe8NSIPtg= =xK2K -----END PGP SIGNATURE-----
--PEIAKu/WMn1b1Hv9--
Message-ID: <email address hidden>
Date: Wed, 16 Feb 2005 11:28:19 +0100
From: Martin Pitt <email address hidden>
To: <email address hidden>
Subject: Re: multiple security holes in XPM code (CAN-2004-0914)
--PEIAKu/WMn1b1Hv9 Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Hi!
Please note that the new upstream only fixes lesstif2, not lesstif1:
This directory contains fixed sources:
http:// cvs.sourceforge .net/viewcvs. py/lesstif/ lesstif/ lib/Xm- 2.1/
However, this doesn't:
http:// cvs.sourceforge .net/viewcvs. py/lesstif/ lesstif/ lib/Xm/
However, fixing that is an enormous task. In this directory the Xpm
source is merged into one big C file and function names have been
renamed, so that the huuuuge patch must be applied manually.
Martin www.piware. de www.ubuntulinux .org www.debian. org
--=20
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://
--PEIAKu/WMn1b1Hv9 pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
nbV4Fd/ IRAmlHAJ0Vv3ftk ++FugzMV5VP4S3l NF9CZACgwv0r e8NSIPtg=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCEyBDDec
+zyL7RqOIT1PpuQ
=xK2K
-----END PGP SIGNATURE-----
--PEIAKu/ WMn1b1Hv9- -