From owner-freebsd-security  Tue Mar 12  7:22:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from green.bikeshed.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id B4BCC37C507; Tue, 12 Mar 2002 07:11:55 -0800 (PST)
Received: from localhost (green@localhost)
	by green.bikeshed.org (8.11.6/8.11.6) with ESMTP id g2CFB3U10275;
	Tue, 12 Mar 2002 10:11:06 -0500 (EST)
	(envelope-from green@green.bikeshed.org)
Message-Id: <200203121511.g2CFB3U10275@green.bikeshed.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
Cc: freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG
Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) 
In-Reply-To: Your message of "Tue, 12 Mar 2002 08:53:37 CST."
             <20020312145337.GB35955@madman.nectar.cc> 
From: "Brian F. Feldman" <green@FreeBSD.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 12 Mar 2002 10:11:03 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Jacques A. Vidrine" <nectar@FreeBSD.ORG> wrote:
> In addition to Poul-Henning's information below, the zlib bug was also
> patched in the security branches around February 22nd ``just in
> case.''  Likewise, similar code in the kernel was fixed
> (sys/net/zlib.c).
> 
> Hmm, I just noticed that for some reason, the fixes don't seem to have
> been committed to -CURRENT or -STABLE.  Maybe Chris had a reason for
> this.  It may be a moot point soon, as Brian has recently imported the
> new (fixed) zlib into -CURRENT, and I imagine he will merge it into
> -STABLE before long.

Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and 
it seems to work just fine (as I imagine it darn well should).  Even though 
we're not vulnerable, and the bug is fixed earlier, I want to be able to say 
that we ship a known-good copy of zlib and have the version numbers there to 
back it up.  Sound reasonable?

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green@FreeBSD.org  <> bfeldman@tislabs.com      \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message