[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of gzip available

Martin Schulze writes:
 > We were told by Michal Zalewski that gzexe as shipped with gzip uses
 > an unsecure method decompressing executables on the fly opening a way
 > of calling arbitrary programs.  Newer versions for bo and hamm are
 > fixing this.  We recommend you upgrade your gzip package if you're
 > using the gzexe method.
 > 
 > dpkg -i file.deb
 >         will install the referenced file.
 > 
 > Debian GNU/Linux 1.3.1 alias bo
 > -------------------------------
 > 
 >   Source archives:
 >     ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.diff.gz
 >       MD5 checksum: d2954d118da06e4a0dc5f92890dc9fcc
 >     ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.dsc
 >       MD5 checksum: 223bfd632a6d39334f50db5b5f5c0119
 >     ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4.orig.tar.gz
 >       MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b
 > 
 >   Intel architecture:
 >     ftp://ftp.debian.org/debian/bo/binary-i386/base/gzip_1.2.4-26.1.deb
 >       MD5 checksum: 1f7cb9c0f4c4377cc762e2a00575274d

This deb has been pushed into stable.  It pre-depends on debianutils
>= 1.6, but the version of debianutils in stable is only 1.5.  

                                               -gavin...


--
To UNSUBSCRIBE, email to debian-changes-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: