upcoming release 6.1: old version of some core components
Kris Kennaway
kris at obsecurity.org
Wed Apr 12 17:53:18 UTC 2006
On Wed, Apr 12, 2006 at 10:18:08AM +0100, Alex Zbyslaw wrote:
> Ted Mittelstaedt wrote:
>
> >Alex, you would lose that bet, zlib 1.2.2 has a hole in it, it
> >should have been replaced with 1.2.3 See the zlib website
> >for more info.
> >
> >Nospam, good catch, if none of the hip-shooters here file a PR I'll
> >get around to it the next time I get a running build off the
> >cvs.
> >
> >
> Sorry, I remain unconvinced. Follow the bug links on the zlib home page
> and both contain "References" like this:
>
> >
> >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
> >https://rhn.redhat.com/errata/RHSA-2005-569.html
> >http://secunia.com/advisories/15949/
>
> So unless the fixes somehow were un-made for 6.1, zlib is not
> vulnerable, regardless of whether the version number is 1.2.2 or 1.2.3.
Yes, Ted is wrong.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060412/eb2ecd03/attachment.pgp
More information about the freebsd-questions
mailing list