bugzilla-daemon at mindrot.org
2005-Jul-27 06:38 UTC
[Bug 1063] Checking for zlib version 1.2.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1063
Summary: Checking for zlib version 1.2.3
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.zlib.net/
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at mindrot.org
ReportedBy: senthilkumar_sen at hotpop.com
The OpenSSH currently checks for zlib version 1.2.1.2 or up. But a buffer
overflow vulnerability exists in 1.2.x series versions 1.2.2 and below, the
fix is available in zlib version 1.2.3.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jul-27 06:43 UTC
[Bug 1063] Checking for zlib version 1.2.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1063 ------- Additional Comments From senthilkumar_sen at hotpop.com 2005-07-27 16:43 ------- Created an attachment (id=943) --> (http://bugzilla.mindrot.org/attachment.cgi?id=943&action=view) Patch to make configure to exit on vulnerable Zlib version The attached patch against current snapshot makes the configure script to exit on vulnerable Zlib version. Please let me know if there are any comments. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jul-27 08:47 UTC
[Bug 1063] Checking for zlib version 1.2.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1063
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From dtucker at zip.com.au 2005-07-27 18:47 -------
Thanks, but it's a couple of days late :-) From ChangeLog:
20050725
- (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 1032] PrintLastLog is not working with UseLogin yes
- [Bug 1083] Disable login for locked account
- [Bug 1058] Updating protected password database in HP-UX
- [Bug 980] sshd does not write the session leader pid to utmp when priv-separation is enabled
- [Bug 1029] SIGTERM and cleanup of wtmp files