Date: Tue, 15 Nov 2005 02:50:23 GMT From: Kris Kennaway <kris@obsecurity.org> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2 Message-ID: <200511150250.jAF2oNYv026710@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/89012; it has been noted by GNATS. From: Kris Kennaway <kris@obsecurity.org> To: "Jukka A. Ukkonen" <jau@iki.fi> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2 Date: Mon, 14 Nov 2005 21:43:09 -0500 On Mon, Nov 14, 2005 at 04:38:59PM +0000, Jukka A. Ukkonen wrote: > > >Number: 89012 > >Category: misc > >Synopsis: FreeBSD-6.0 is still using zlib-1.2.2 > >Confidential: no > >Severity: serious > >Priority: medium > >Responsible: freebsd-bugs > >State: open > >Quarter: > >Keywords: > >Date-Required: > >Class: sw-bug > >Submitter-Id: current-users > >Arrival-Date: Mon Nov 14 16:40:25 GMT 2005 > >Closed-Date: > >Last-Modified: > >Originator: Jukka A. Ukkonen > >Release: FreeBSD-6.0-STABLE > >Organization: > private citizen > >Environment: > This report does not refer to an installed FreeBSD-6.0 but to > plain source code review. > > > >Description: > The ZLIB origin site (www.zlib.net) states this... > ------ > Current release: > zlib 1.2.3 > > July 18, 2005 > > Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2: > ------ > > For some odd reason FreeBSD-6.0 seems to be using zlib-1.2.2 though it is claimed > to carry security issues. The security issues were fixed without performing a full upgrade to 1.2.3 (as described in the relevant FreeBSD security advisory). Do you have reason to believe otherwise? Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200511150250.jAF2oNYv026710>