
Re: [SECURITY] New versions of gzip available



On Fri, May 15, 1998 at 12:46:54PM -0400, Gavin Romig-Koch wrote:

>  > We were told by Michal Zalewski that gzexe as shipped with gzip uses
>  > an unsecure method decompressing executables on the fly opening a way
>  > of calling arbitrary programs.  Newer versions for bo and hamm are
>  > fixing this.  We recommend you upgrade your gzip package if you're
>  > using the gzexe method.

>  >   Intel architecture:
>  >     ftp://ftp.debian.org/debian/bo/binary-i386/base/gzip_1.2.4-26.1.deb
>  >       MD5 checksum: 1f7cb9c0f4c4377cc762e2a00575274d
> 
> This deb has been pushed into stable.  It pre-depends on debianutils
> >= 1.6, but the version of debianutils in stable is only 1.5.  

Yes, we already noticed this mistake.  We're awfully sorry for that.
We'll upload a version 1.6 of debianutils for bo soon.

Regards,

	Joey

-- 
  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
 /                                     http://home.pages.de/~joey/
/ Install joe (Joey's Own Editor)     correct: Joe's Own Editor /

