thr3ads.net - Secure testing team - [Secure-testing-team] Re: Addressing the recent zlib issue [Mar 2006]

If this information is useful, please help other people find it:
Share via:

Florian Weimer

2006-Mar-13 12:28 UTC

[Secure-testing-team] Re: Addressing the recent zlib issue

* Moritz Muehlenhoff:
> Can you forward further findings to
> secure-testing-team@lists.alioth.debian.org?  We''ll track it in
our
> SVN repo as well.
I''ve posted a list of bug reports to the debian-security
mailing list:

  http://lists.debian.org/debian-security/2005/07/msg00158.html

Do you need further information, besides what is available in the bug
reports?

Moritz Muehlenhoff

2006-Mar-13 12:28 UTC

head link

[Secure-testing-team] Re: Addressing the recent zlib issue

Florian Weimer wrote:> I''ve posted a list of bug reports to the debian-security
> mailing list:
> 
>   http://lists.debian.org/debian-security/2005/07/msg00158.html
> 
> Do you need further information, besides what is available in the bug
> reports?
Thanks, we currently have this status in our SVN:

        - dpkg (unfixed; bug #317967; medium)
        - zsync (unfixed; bug #317968; medium)
        - dump (unfixed; bug #317966; medium)
        - aide (unfixed; bug #317523; medium)
        - amd64-libs (unfixed; bug #317970; medium)
        - ia32-libs (unfixed; bug #317971; medium)
        - dar-static (unfixed; bug #317989; medium)
        - bacula-sd (unfixed; bug #318014; medium)
        - sash (unfixed; bug #318069; medium)
        - libphysfs-1.0-0 1.0.0-5 (medium)
        - mrtg (unfixed; bug #318096; medium)
        - oops (unfixed; bug #318097; medium)
        - lsb-rpm (unfixed; bug #318099; medium)
        - rageircd 2.0.0-3sid1 (medium)
        - systemimager-ssh (unfixed; bug #318101; medium)
        - texmacs (unfixed; bug #318100; medium)

oops is not in testing (RC bugs, unmaintained).

Cheers,
        Moritz

Moritz Muehlenhoff

2006-Mar-13 12:28 UTC

head link

[Secure-testing-team] Re: Addressing the recent zlib issue

In gmane.linux.debian.devel.security, you wrote:> On my system, the following packages contain statically linked copies
> of zlib-related code:
>
> Is anybody looking at this problem in a systematic manner, or should I
> just file bugs on the more likely candidates for a security update
> (dpkg and zysnc, based on the list above and assuming that 1.1 is
> indeed not affected).
Can you forward further findings to secure-testing-team@lists.alioth.debian.org?
We''ll track it in our SVN repo as well.

Thanks,
        Moritz

Secure testing team - Mar 2006 - Re: Addressing the recent zlib issue

[Secure-testing-team] Re: Addressing the recent zlib issue

[Secure-testing-team] Re: Addressing the recent zlib issue

[Secure-testing-team] Re: Addressing the recent zlib issue