Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow
this depend on how the packager choosed to build the package: with static
or dynamic library.
The only missing packages on the list i reckon are the kernel images.
JeF
On Tue, Mar 12, 2002 at 12:15:49PM +0200, Dmitry Borodaenko wrote:
> On Mon, Mar 11, 2002 at 09:42:39PM +0100, Michael Stone wrote:
> > The zlib vulnerability is fixed in the Debian zlib package version
> > 1.1.3-5.1. A number of programs either link statically to zlib or include
> > a private copy of zlib code. These programs must also be upgraded
> > to eliminate the zlib vulnerability. The affected packages and fixed
> > versions follow:
> > amaya 2.4-1potato1
> > dictd 1.4.9-9potato1
> > erlang 49.1-10.1
> > freeamp 2.0.6-2.1
> > mirrordir 0.10.48-2.1
> > ppp 2.3.11-1.5
> > rsync 2.3.2-1.6
> > vrweb 1.5-5.1
>
> For comparison, here is a list of packages reported to be affected by
> the zlib vulnerability in ALT Linux Sisyphus (fixed src.rpms listed):
>
> XFree86-4.2.0-alt2.src.rpm
> XFree86-compat-3.3.6-ipl23mdk.src.rpm
> freeswan-1.95-alt3.src.rpm
> iptables-1.2.5-alt1.src.rpm
> kernel-headers-common-1.0-alt1.src.rpm
> kernel22-2.2.21-alt3.p4.src.rpm
> kernel24-2.4.18-alt2.src.rpm
> kernel24-2.4.7-alt3.src.rpm
> libpopt-1.7-alt2.src.rpm
> mkinitrd-2.7.1-alt6.1.src.rpm
> mktemp-1.4-alt1.src.rpm
> modutils-2.4.12-alt1.src.rpm
> pngcrush-1.5.8-alt2.src.rpm
> rpm-3.0.6-ipl29.2mdk.src.rpm
> rsync-2.5.3-alt2.src.rpm
> vnc-3.3.3r2-alt2.src.rpm
> zlib-1.1.3-ipl15mdk.src.rpm
>
> As you can see, there are packages fixed in Sisyphus that are not
> mentioned in Debian announcement. Does this mean that Debian
> counterparts were not affected in the first place, or that they were
> overlooked?
>
> --
> Dmitry Borodaenko
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
-> Jean-Francois Dive
--> jef@linuxbe.org
Reply to: