
Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow



Michael Stone wrote:
>  A number of programs either link statically to zlib or include
> a private copy of zlib code. These programs must also be upgraded
> to eliminate the zlib vulnerability. The affected packages and fixed
> versions follow:
>   amaya 2.4-1potato1
>   dictd 1.4.9-9potato1
>   erlang 49.1-10.1
>   freeamp 2.0.6-2.1
>   mirrordir 0.10.48-2.1
>   ppp 2.3.11-1.5
>   rsync 2.3.2-1.6
>   vrweb 1.5-5.1

So how many of these packages actually have a good reason to include
their own zlib or link statically? This particular security hole is a
classic example of why doing either with any library is braindead.
Shouldn't we try to make them all use the standard zlib, dynamically
linked?

I know that some packages I maintain have their own copy of zlib in
them, luckily I went with the dynamic library, so they do not appear in
the above list.

-- 
see shy jo
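The reply above argues that a private or statically linked zlib copy silently keeps the bug after the shared library is fixed. The following script is an added example, not part of this thread or of Debian's tooling, for auditing installed binaries for that condition. It relies on a heuristic: zlib's deflate.c and inflate.c embed copyright strings of the form " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly " and " inflate 1.1.3 Copyright ... Mark Adler ", so a bundled copy leaves its version number in the file, while a dynamically linked program instead carries a NEEDED entry for libz.so. The function names and the sample files in the test are my own constructions.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a binary obtains zlib.
# For each file given on the command line, prints one of
#   dynamic            - the binary has a NEEDED entry for libz.so (fixed by
#                        upgrading the shared zlib package)
#   bundled <version>  - a zlib copyright string is embedded, so a private or
#                        static copy is present and must be rebuilt separately
#   none               - neither indicator found
# The version-string heuristic is an assumption; stripping or compiler options
# can remove the string, so "none" is not proof of absence.

# Print the version of an embedded zlib copy, or nothing if none is found.
bundled_zlib_version() {
    # -a treats the binary as text, -o prints only the match, -m 1 stops at the first hit.
    grep -a -o -E -m 1 '(inflate|deflate) [0-9][0-9.]* Copyright' "$1" 2>/dev/null \
        | sed -E -e 's/^(in|de)flate //' -e 's/ Copyright$//'
}

# Succeed if the binary links zlib dynamically.
links_zlib_dynamically() {
    if command -v readelf >/dev/null 2>&1 && readelf -h "$1" >/dev/null 2>&1; then
        # Precise check: look for a NEEDED libz.so entry in the dynamic section.
        readelf -d "$1" 2>/dev/null | grep -q 'NEEDED.*libz\.so'
    else
        # Fallback without binutils or for non-ELF input: the soname is plain
        # text inside .dynstr, so a raw grep finds it (crude, but dependency-free).
        grep -a -q 'libz\.so\.[0-9]' "$1"
    fi
}

# Print the classification for one file.
classify_zlib_usage() {
    if links_zlib_dynamically "$1"; then
        echo dynamic
        return 0
    fi
    v=$(bundled_zlib_version "$1")
    if [ -n "$v" ]; then
        echo "bundled $v"
        return 0
    fi
    echo none
}

# Usage: ./zlibcheck.sh /usr/bin/rsync /usr/sbin/pppd /usr/bin/dict ...
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_zlib_usage "$f")"
done
```

Run it over the binaries of the packages listed in the advisory, or over everything in /usr/bin and /usr/sbin, and anything reported as "bundled 1.1.3" or older needs a package rebuild rather than just the shared-library upgrade.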
