Date: Wed, 12 Apr 2006 13:53:17 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Alex Zbyslaw <xfb52@dial.pipex.com>
Cc: freebsd-questions@freebsd.org, Ted Mittelstaedt <tedm@toybox.placo.com>
Subject: Re: upcoming release 6.1: old version of some core components
Message-ID: <20060412175317.GA24157@xor.obsecurity.org>
In-Reply-To: <443CC5D0.7020404@dial.pipex.com>
References: <LOBBIFDAGNMAMLGJJCKNCEKBFDAA.tedm@toybox.placo.com> <443CC5D0.7020404@dial.pipex.com>

On Wed, Apr 12, 2006 at 10:18:08AM +0100, Alex Zbyslaw wrote:
> Ted Mittelstaedt wrote:
>
> >Alex, you would lose that bet, zlib 1.2.2 has a hole in it, it
> >should have been replaced with 1.2.3 See the zlib website
> >for more info.
> >
> >Nospam, good catch, if none of the hip-shooters here file a PR I'll
> >get around to it the next time I get a running build off the
> >cvs.
> >
>
> Sorry, I remain unconvinced. Follow the bug links on the zlib home page
> and both contain "References" like this:
>
> >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
> >https://rhn.redhat.com/errata/RHSA-2005-569.html
> >http://secunia.com/advisories/15949/
>
> So unless the fixes somehow were un-made for 6.1, zlib is not
> vulnerable, regardless of whether the version number is 1.2.2 or 1.2.3.

Yes, Ted is wrong.

Kris
