Date: Tue, 12 Mar 2002 10:11:03 -0500 From: "Brian F. Feldman" <green@FreeBSD.ORG> To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <200203121511.g2CFB3U10275@green.bikeshed.org> In-Reply-To: Your message of "Tue, 12 Mar 2002 08:53:37 CST." <20020312145337.GB35955@madman.nectar.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jacques A. Vidrine" <nectar@FreeBSD.ORG> wrote: > In addition to Poul-Henning's information below, the zlib bug was also > patched in the security branches around February 22nd ``just in > case.'' Likewise, similar code in the kernel was fixed > (sys/net/zlib.c). > > Hmm, I just noticed that for some reason, the fixes don't seem to have > been committed to -CURRENT or -STABLE. Maybe Chris had a reason for > this. It may be a moot point soon, as Brian has recently imported the > new (fixed) zlib into -CURRENT, and I imagine he will merge it into > -STABLE before long. Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and it seems to work just fine (as I imagine it darn well should). Even though we're not vulnerable, and the bug is fixed earlier, I want to be able to say that we ship a known-good copy of zlib and have the version numbers there to back it up. Sound reasonable? -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org <> bfeldman@tislabs.com \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203121511.g2CFB3U10275>