[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Addressing the recent zlib issue

On Sun, Jul 10, 2005 at 03:59:43PM +0200, Florian Weimer wrote:
> On my system, the following packages contain statically linked copies
> of zlib-related code:

I'm still interested in a full list of pacakges staticly linked
to any version of zlib.

We had a few advisories about zlib so far:
DSA-763 (CAN-2005-1849): fixed in 1.2.2-4.sarge.2, 1.2.3-1
DSA-740 (CAN-2005-2096): fixed in 1.2.2-4.sarge.1, 1.2.2-7
DSA-122 (CVE-2002-0059): fixed in 1.1.3-5.1, 1.1.3-19.1, several
  other packages got fixed at that time.

Afaik, we don't even have advisories for:
CAN-2004-0797: fixed in
CVE-2003-0107: fixed in 1.1.4-10

And maybe I didn't even find a few.

I think we really should update all packages to:
- Build depend on zlib1g-dev when possible.
- Build them use the latest version (1.2.3-1)
- Document which are linked staticly.


Reply to: