Extracted from CERT* Advisory CA-98.10
Original issue date: August 11, 1998
>Hewlett-Packard Company
>=======================
>
>The version of dtmail supplied by HP, as part of HP's CDE product, is
>vulnerable. Patches in process.
>
>Sun Microsystems, Inc.
>======================
>
>Sun Microsystems is working on patches for the following products:
>
> dtmail
> * CDE versions 1.0.1, 1.0.2 and 1.2.
> * Patches will be available within three weeks
My question is simple: is Digital UNIX dtmail similarly vulnerable?
("yes" would seem to be the safe assumption!).
And if so, is a patch planned?
Finally, either way, I notice Digital-related information is often
conspicuously missing from such announcements - for example, back in
April, when we had the BIND vulnerability alert, the only Digital UNIX
information was "Digital is investigating this problem.". I don't
believe we heard anything since. Is there any reason for this lack of
information?
Graham
Received on Wed Aug 12 1998 - 16:41:58 NZST