Addressing the recent zlib issue

To: debian-security@lists.debian.org
Subject: Addressing the recent zlib issue
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 10 Jul 2005 15:59:43 +0200
Message-id: <[🔎] 87pstqzrqo.fsf@deneb.enyo.de>

On my system, the following packages contain statically linked copies
of zlib-related code:

  dpkg (zlib version 1.2.2)
  various kernel images (zlib version 1.1.3)
  monotone (probably an independent reimplementation of the algorithm)
  mozilla-browser (zlib version 1.1.4)
  openoffice.org-bin (zlib version 1.1.4, via libmozz)
  rsync (probably version 1.1)
  zsync (zlib version 1.2.1.1)

Is anybody looking at this problem in a systematic manner, or should I
just file bugs on the more likely candidates for a security update
(dpkg and zysnc, based on the list above and assuming that 1.1 is
indeed not affected).

I'll check if I can make available an updated version of find-zlib,
but the old one still seems to work to some extent.

Reply to:

Follow-Ups:
- Re: Addressing the recent zlib issue
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Addressing the recent zlib issue
  - From: Philippe Troin <phil@fifi.org>
- Re: Addressing the recent zlib issue
  - From: Robert Lemmen <robertle@semistable.com>
- Re: Addressing the recent zlib issue
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Addressing the recent zlib issue
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Software Compatibility....ain't it great?
Next by Date: Re: Addressing the recent zlib issue
Previous by thread: Software Compatibility....ain't it great?
Next by thread: Re: Addressing the recent zlib issue
Index(es):
- Date
- Thread