SECURITY FIX - TclPro Debugger beta release 1 & 2

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Date: Fri, 26 Jun 1998 15:19:26 -0700
From: Ray Johnson <foo () nowhere com>
Subject: SECURITY FIX - TclPro Debugger beta release 1 & 2
Newsgroups: comp.lang.tcl


Attention! - All users of the beta releases of the TclPro Debugger

Problem:

The 1.0 beta 1 & 1.0 beta 2 releases of the TclPro Debugger contain a
security hole. A bug in those releases makes the debugger vulnerable to
malicious attacks on the port the debugger listens on for connections with
Tcl applications.

Solution:

We suggest that if you are currently using either TclPro Debugger beta 1
or beta 2 that you stop using it and download the beta 3 version of TclPro
Debugger. The beta 3 release contains no known security related bugs.

As with any beta software, we recommend that you never run the
debugger as root or on machines that are critical to your environment.
We are working hard to produce the best software possible and apologize
in advance for any bugs in our beta releases. We also want to thank our
beta testers for finding bugs, making suggestions and in general helping
us to improve our products.

Ray Johnson
Engineering Manager for TclPro

P.S. You will find the beta 3 version of TclPro Debugger has
additional enhancements (aside from the security fix) that
are significant.