
Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow



On Mon, Mar 11, 2002 at 09:42:39PM +0100, Michael Stone wrote:
> The zlib vulnerability is fixed in the Debian zlib package version
> 1.1.3-5.1. A number of programs either link statically to zlib or include
> a private copy of zlib code. These programs must also be upgraded
> to eliminate the zlib vulnerability. The affected packages and fixed
> versions follow:
>   amaya 2.4-1potato1
>   dictd 1.4.9-9potato1
>   erlang 49.1-10.1
>   freeamp 2.0.6-2.1
>   mirrordir 0.10.48-2.1
>   ppp 2.3.11-1.5
>   rsync 2.3.2-1.6
>   vrweb 1.5-5.1

For comparison, here is a list of packages reported to be affected by
the zlib vulnerability in ALT Linux Sisyphus (fixed src.rpms listed):

XFree86-4.2.0-alt2.src.rpm
XFree86-compat-3.3.6-ipl23mdk.src.rpm
freeswan-1.95-alt3.src.rpm
iptables-1.2.5-alt1.src.rpm
kernel-headers-common-1.0-alt1.src.rpm
kernel22-2.2.21-alt3.p4.src.rpm
kernel24-2.4.18-alt2.src.rpm
kernel24-2.4.7-alt3.src.rpm
libpopt-1.7-alt2.src.rpm
mkinitrd-2.7.1-alt6.1.src.rpm
mktemp-1.4-alt1.src.rpm
modutils-2.4.12-alt1.src.rpm
pngcrush-1.5.8-alt2.src.rpm
rpm-3.0.6-ipl29.2mdk.src.rpm
rsync-2.5.3-alt2.src.rpm
vnc-3.3.3r2-alt2.src.rpm
zlib-1.1.3-ipl15mdk.src.rpm

As you can see, there are packages fixed in Sisyphus that are not
mentioned in the Debian announcement. Does this mean that the Debian
counterparts were not affected in the first place, or that they were
overlooked?

-- 
Dmitry Borodaenko
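
An added example, not part of the original message or of either distribution's tooling: one way to look for the statically linked or private zlib copies the advisory describes is to search files for the version markers that upstream zlib compiles in from deflate.c and inftrees.c. The names `find_embedded_zlib` and `scan_tree` are hypothetical, and the sample bytes are constructed. It assumes the embedded copy kept those marker strings; a hit shows only that a copy is present, because a fix can be backported without changing the upstream version string (as with the Debian package 1.1.3-5.1 named above).

```python
import os
import re
import sys

# Markers upstream zlib compiles in from deflate.c and inftrees.c, e.g.
# " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ".
ZLIB_MARKER = re.compile(rb"(deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-")

# Constructed sample standing in for a binary with a private zlib copy.
CONSTRUCTED_SAMPLE = (
    b"\x7fELF\x00\x00"
    b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
    b" inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
)


def find_embedded_zlib(data):
    """Return sorted unique (component, version) pairs found in data."""
    return sorted({(m.group(1).decode(), m.group(2).decode())
                   for m in ZLIB_MARKER.finditer(data)})


def scan_tree(root, max_bytes=64 * 1024 * 1024):
    """Map each regular file under root that carries zlib markers to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, devices, sockets
            try:
                with open(path, "rb") as fh:
                    hits = find_embedded_zlib(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in sorted(scan_tree(sys.argv[1]).items()):
            print(path, ", ".join(f"{c} {v}" for c, v in hits))
    else:
        print(find_embedded_zlib(CONSTRUCTED_SAMPLE))
```

Run against an unpacked package tree, the hits other than the shared libz itself are the candidates to check against a distribution's advisory list. Copies with the strings stripped, or binaries that are themselves compressed, will not match.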


