Date: Thu, 27 Feb 2003 19:17:29 +0200
From: Alexandr Kovalenko
To: freebsd-security@freebsd.org
Subject: Fwd: (patch for zlib) Re: poc zlib sploit just for fun :)
Message-ID: <20030227171729.GC5081@nevermind.kiev.ua>
Sender: owner-freebsd-security@FreeBSD.ORG

----- Forwarded message from "Ralf S. Engelschall" -----

Date: Thu, 27 Feb 2003 15:41:49 +0100
From: "Ralf S. Engelschall"
To: bugtraq@securityfocus.com
Subject: Re: poc zlib sploit just for fun :)
Reply-To: rse@engelschall.com

In article <200302241751.25591.kelledin+BTQ@skarpsey.dyndns.org> you wrote:

> [...]
> Attached below is a patch RK and I whipped up yesterday, after I
> caught wind of this problem sometime in the afternoon.
> [...]

Thanks for your efforts. We've reviewed your patch for inclusion into
our OpenPKG "zlib" package and discovered that your configure checks are
not quite correct. For instance, you're incorrectly putting a va_list
variable into a snprintf call in one check, etc. Additionally we've
stripped down in size the patch to gzio.c (you re-formatted existing
code, etc). See http://cvs.openpkg.org/openpkg-src/zlib/zlib.patch for
our derived version of your patch in case you're interested.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

----- End forwarded message -----

-- 
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/
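
The va_list point raised in the forwarded message, as an added example that is not part of the mail, the original patch or the OpenPKG version: a configure-style probe that hands a `va_list` to `vsnprintf` (not `snprintf`) and verifies that the bound is honoured. The names `bounded_format`, `probe_vsnprintf` and `FMT_BUFSIZE` are hypothetical, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_BUFSIZE 16  /* hypothetical; small so truncation is easy to hit */

/* Format into a fixed buffer without writing past it.
 * Returns the number of bytes stored, or -1 if the output did not fit. */
static int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    /* A va_list belongs to the v* variant. snprintf(buf, size, fmt, ap)
     * still compiles, but ap is then taken as the first variadic argument
     * and the format's conversions read the wrong data. */
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    /* C99 returns the length that was needed; older implementations
     * return -1 on truncation. Both cases count as "did not fit". */
    if (n < 0 || (size_t)n >= size) {
        buf[size - 1] = '\0';
        return -1;
    }
    return n;
}

/* What the probe checks: correct output, and no write beyond the bound. */
static int probe_vsnprintf(void)
{
    char buf[FMT_BUFSIZE + 4];

    memset(buf, 'X', sizeof(buf));          /* canary bytes past the limit */
    if (bounded_format(buf, FMT_BUFSIZE, "%s-%d", "abc", 42) != 6)
        return 0;
    if (strcmp(buf, "abc-42") != 0)
        return 0;
    if (bounded_format(buf, FMT_BUFSIZE, "%s", "this string is too long") != -1)
        return 0;
    return buf[FMT_BUFSIZE] == 'X';         /* canary must be intact */
}

int main(void)
{
    printf("vsnprintf usable: %s\n", probe_vsnprintf() ? "yes" : "no");
    return 0;
}
```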