From owner-freebsd-bugs@FreeBSD.ORG Tue Nov 15 02:50:24 2005
Date: Tue, 15 Nov 2005 02:50:23 GMT
Message-Id: <200511150250.jAF2oNYv026710@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Kris Kennaway
Subject: Re: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2

The following reply was made to PR kern/89012; it has been noted by GNATS.

From: Kris Kennaway
To: "Jukka A. Ukkonen"
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2
Date: Mon, 14 Nov 2005 21:43:09 -0500

On Mon, Nov 14, 2005 at 04:38:59PM +0000, Jukka A. Ukkonen wrote:
>
> >Number: 89012
> >Category: misc
> >Synopsis: FreeBSD-6.0 is still using zlib-1.2.2
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: freebsd-bugs
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Mon Nov 14 16:40:25 GMT 2005
> >Closed-Date:
> >Last-Modified:
> >Originator: Jukka A. Ukkonen
> >Release: FreeBSD-6.0-STABLE
> >Organization:
> private citizen
> >Environment:
> This report does not refer to an installed FreeBSD-6.0 but to
> plain source code review.
>
>
> >Description:
> The ZLIB origin site (www.zlib.net) states this...
> ------
> Current release:
> zlib 1.2.3
>
> July 18, 2005
>
> Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2:
> ------
>
> For some odd reason FreeBSD-6.0 seems to be using zlib-1.2.2 though it is claimed
> to carry security issues.

The security issues were fixed without performing a full upgrade to 1.2.3 (as described in the relevant FreeBSD security advisory). Do you have reason to believe otherwise?

Kris