[SECURITY] New versions of gzip available
Martin Schulze writes:
> We were told by Michal Zalewski that gzexe as shipped with gzip uses
> an insecure method of decompressing executables on the fly, opening a way
> of calling arbitrary programs. Newer versions for bo and hamm are
> fixing this. We recommend you upgrade your gzip package if you're
> using the gzexe method.
>
> dpkg -i file.deb
> will install the referenced file.
>
> Debian GNU/Linux 1.3.1 alias bo
> -------------------------------
>
> Source archives:
> ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.diff.gz
> MD5 checksum: d2954d118da06e4a0dc5f92890dc9fcc
> ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.dsc
> MD5 checksum: 223bfd632a6d39334f50db5b5f5c0119
> ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4.orig.tar.gz
> MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b
>
> Intel architecture:
> ftp://ftp.debian.org/debian/bo/binary-i386/base/gzip_1.2.4-26.1.deb
> MD5 checksum: 1f7cb9c0f4c4377cc762e2a00575274d
This deb has been pushed into stable. It pre-depends on debianutils
>= 1.6, but the version of debianutils in stable is only 1.5.
-gavin...