From: Kris Kennaway
To: Alex Zbyslaw
Cc: freebsd-questions@freebsd.org, Ted Mittelstaedt
Date: Wed, 12 Apr 2006 13:53:17 -0400
Subject: Re: upcoming release 6.1: old version of some core components
Message-ID: <20060412175317.GA24157@xor.obsecurity.org>
In-Reply-To: <443CC5D0.7020404@dial.pipex.com>

On Wed, Apr 12, 2006 at 10:18:08AM +0100, Alex Zbyslaw wrote:
> Ted Mittelstaedt wrote:
>
> >Alex, you would lose that bet, zlib 1.2.2 has a hole in it, it
> >should have been replaced with 1.2.3. See the zlib website
> >for more info.
> >
> >Nospam, good catch, if none of the hip-shooters here file a PR I'll
> >get around to it the next time I get a running build off the
> >cvs.
> >
>
> Sorry, I remain unconvinced. Follow the bug links on the zlib home page
> and both contain "References" like this:
>
> >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
> >https://rhn.redhat.com/errata/RHSA-2005-569.html
> >http://secunia.com/advisories/15949/
>
> So unless the fixes somehow were un-made for 6.1, zlib is not
> vulnerable, regardless of whether the version number is 1.2.2 or 1.2.3.

Yes, Ted is wrong.

Kris