Re: [SECURITY] New versions of gzip available
On Fri, May 15, 1998 at 12:46:54PM -0400, Gavin Romig-Koch wrote:
> > We were told by Michal Zalewski that gzexe as shipped with gzip uses
> > an unsecure method decompressing executables on the fly opening a way
> > of calling arbitrary programs. Newer versions for bo and hamm are
> > fixing this. We recommend you upgrade your gzip package if you're
> > using the gzexe method.
> > Intel architecture:
> > ftp://ftp.debian.org/debian/bo/binary-i386/base/gzip_1.2.4-26.1.deb
> > MD5 checksum: 1f7cb9c0f4c4377cc762e2a00575274d
>
> This deb has been pushed into stable. It pre-depends on debianutils
> >= 1.6, but the version of debianutils in stable is only 1.5.
Yes, we already noticed this mistake. We're awfully sorry for that.
We'll upload a version 1.6 of debianutils for bo soon.
Regards,
Joey
--
/ Martin Schulze * joey@infodrom.north.de * 26129 Oldenburg /
/ http://home.pages.de/~joey/
/ Install joe (Joey's Own Editor) correct: Joe's Own Editor /
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: