All-
Sorry for the *very* belated summary. I realized only today that I started
the summary and then postponed it, and never really got back to it until
now.
I received only one response to my question on Tru64 and the NLS
vulnerabilities. That response came from Tom Webster,
Tom Webster <webster_at_SSDPDC.LGB.CAL.BOEING.COM>
He indicated that he too is not sure of the state of the vulnerability
in Tru64.
Considering how serious and widespread this vulnerability is (virtually
every other UNIX platform is vulnerable, so odds are good that Tru64 is
too), I'm a little surprised at the dearth of info on the problem.
Since we have a support contract, I opened a call, C001213-2199, regarding
this problem. It took a couple days and apparently a lot of research from
the person handling the call (Thanks Jan!), but she made available a
tarball, named
CSP_SSRT0689U.tar
that apparently fixes the problem (for 4.0f). The dates in the README
and on the updated C libraries are from early October, though the patch
didn't make it into patch kit #1 for 5.1. I do see SSRT0689 among the
patches in kit #2.
Tim
--
Tim Mooney mooney_at_dogbert.cc.ndsu.NoDak.edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J1, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
Received on Thu Mar 29 2001 - 18:44:19 NZST