Hi, The Sarge package is not usable with SARGE ... it depends on libc6 >= 2.3.5-1 , and Sarge use 2.3.2.ds1-22 Paul Gotch has already opened a bug report (#326210) on September 2 . It seems that nobody has read it. Thanks for all the good job. Le vendredi 02 septembre 2005 à 03:52 +0200, Michael Stone a écrit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -------------------------------------------------------------------------- > Debian Security Advisory DSA 797-1 security@debian.org > http://www.debian.org/security/ Michael Stone > September 1st, 2005 http://www.debian.org/security/faq > - -------------------------------------------------------------------------- > > Package : zsync > Vulnerability : DOS > Problem-Type : buffer overflow > Debian-specific: no > CVE ID : CAN-2005-1849, CAN-2005-2096 > > zsync, a file transfer program, includes a modified local copy of > the zlib library, and is vulnerable to certain bugs fixed previously > in the zlib package. > > The old stable distribution (woody) does not contain the zsync > package. > > For the stable distribution (sarge) this problem has been fixed in > version 0.3.3-1.sarge.1. > > For the unstable distribution (sid) this problem has been fixed in > version 0.4.0-2. > > We recommend that you upgrade your zsync package. > > > Upgrade Instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 3.1 alias sarge > - -------------------------------- > > Source archives: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.dsc > Size/MD5 checksum: 742 38abbfacbf93f57692641a0f257abe4e > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.diff.gz > Size/MD5 checksum: 6213 224eae057a1eebdd3ffe16e6e3d584e6 > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3.orig.tar.gz > Size/MD5 checksum: 241726 71efef80525276990cf8af97ee2b8f97 > > Alpha architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_alpha.deb > Size/MD5 checksum: 120612 0efd2b252f7a2eebac03d04aee7bff87 > > AMD64 architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_amd64.deb > Size/MD5 checksum: 99560 ede8508b5d555b6be89c5adbbea49c20 > > ARM architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_arm.deb > Size/MD5 checksum: 100420 713b7d689f4ccdf4317c255dd0de7e6f > > Intel IA-32 architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_i386.deb > Size/MD5 checksum: 98414 bb4ff605c6e3b94f23dd0986ca55e450 > > Intel IA-64 architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_ia64.deb > Size/MD5 checksum: 139370 91cef962076eb5d66ddda86e1ca1e8f8 > > HP Precision architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_hppa.deb > Size/MD5 checksum: 105062 ba01f3b644ea1be05e51d3d07b00d363 > > Motorola 680x0 architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_m68k.deb > Size/MD5 checksum: 85176 ec83816290778ca23005cbcf001962ed > > Big endian MIPS architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mips.deb > Size/MD5 checksum: 106840 bdd9b5d16ed84330292a97eb01deb381 > > Little endian MIPS architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mipsel.deb > Size/MD5 checksum: 107912 bf7c5dfcac00e250efefe59959f47deb > > PowerPC architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_powerpc.deb > Size/MD5 checksum: 100460 7126e64533e31ccd1be3302772ca4158 > > IBM S/390 architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_s390.deb > Size/MD5 checksum: 103472 b9712abdbaa529ab5ed20854b5b70406 > > Sun Sparc architecture: > > http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_sparc.deb > Size/MD5 checksum: 98614 534233dd79188ea592f23a0b00f5d524 > > > These files will probably be moved into the stable distribution on > its next update. > > - --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: debian-security-announce@lists.debian.org > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iQCVAwUBQxevaA0hVr09l8FJAQJekwQA1priiEMejHgPhx/OWzDPvL/KhkPypvz0 > a7ekol446/PVCQlAdhAyv6kAV+Vrdh28f08RFSMa/9CS3Jt60M5Gh4toVuM5zjbG > HUH6OYB1l2nvBg73ulBzW5+CBue1XNF9JbXoB54PbkIwFydUC+Vg7czt8qEx3gnV > bmAMQNEQauw= > =2zlR > -----END PGP SIGNATURE----- > > -- Renaud Duhaut <rd@duhaut.com>
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=