Date: Tue, 12 Mar 2002 13:04:46 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: Brian Behlendorf <brian@collab.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape Message-ID: <20020312125415.W25328-100000@blues.jpj.net> In-Reply-To: <20020312092148.J653-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Behlendorf wrote: > On Tue, 12 Mar 2002, Trevor Johnson wrote: > > Regardless, I'd recommend that you update to Mozilla 0.9.9, because of the > > zlib "double free" bug. Mozilla contains its own copy of the zlib code, > > which was corrected as of version 0.9.9. > > Unless I misunderstand something, even those apps with their own > statically linked copies of zlib are not vulnerable on freebsd due to > freebsd's malloc implementation, right? Unless they also statically > compiled in glibc? I would suppose that dynamically linking to glibc would cause problems too. The Linux binary of Mozilla, which I assumed Dave Hawkey was asking about, does that (I updated the port of it today). I would suppose that the native Mozilla might be fine--unless, as you suggest, it contains its own copy of GNU malloc. -- Trevor Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312125415.W25328-100000>