Date: Wed, 12 Apr 2006 13:53:17 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Alex Zbyslaw <xfb52@dial.pipex.com> Cc: freebsd-questions@freebsd.org, Ted Mittelstaedt <tedm@toybox.placo.com> Subject: Re: upcoming release 6.1: old version of some core components Message-ID: <20060412175317.GA24157@xor.obsecurity.org> In-Reply-To: <443CC5D0.7020404@dial.pipex.com> References: <LOBBIFDAGNMAMLGJJCKNCEKBFDAA.tedm@toybox.placo.com> <443CC5D0.7020404@dial.pipex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 12, 2006 at 10:18:08AM +0100, Alex Zbyslaw wrote: > Ted Mittelstaedt wrote: >=20 > >Alex, you would lose that bet, zlib 1.2.2 has a hole in it, it > >should have been replaced with 1.2.3 See the zlib website > >for more info. > > > >Nospam, good catch, if none of the hip-shooters here file a PR I'll > >get around to it the next time I get a running build off the > >cvs. > >=20 > > > Sorry, I remain unconvinced. Follow the bug links on the zlib home page= =20 > and both contain "References" like this: >=20 > > > >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.= asc > >https://rhn.redhat.com/errata/RHSA-2005-569.html > >http://secunia.com/advisories/15949/ >=20 > So unless the fixes somehow were un-made for 6.1, zlib is not=20 > vulnerable, regardless of whether the version number is 1.2.2 or 1.2.3. Yes, Ted is wrong. Kris --0F1p//8PRICkK4MW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEPT6MWry0BWjoQKURAuRBAJwKRoxLlIAkgekJxmDuuLlfHrAZOQCeMk6P mJGdRmuWQec8KqQZhlmppaw= =R2D5 -----END PGP SIGNATURE----- --0F1p//8PRICkK4MW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060412175317.GA24157>