Date: Tue, 21 May 2002 15:42:56 -0700 From: "Philip J. Koenig" <pjklist@ekahuna.com> To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2 Message-ID: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com> In-Reply-To: <200205201608.g4KG8Ee23981@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Regarding security advisory FreeBSD-SA-02:25: > Topic: bzip2 contains multiple security vulnerabilities > > 1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or > RELENG_4_5 security branch dated after the respective correction dates. [...] > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > [Base system] > > Branch > Path Revision > - ------------------------------------------------------------------------- > RELENG_4 > src/contrib/bzip2/CHANGES 1.1.1.1.2.2 > src/contrib/bzip2/FREEBSD-upgrade 1.1.2.1 > src/contrib/bzip2/LICENSE 1.1.1.1.2.2 > src/contrib/bzip2/Makefile 1.1.1.1.2.2 > src/contrib/bzip2/Makefile-libbz2_so 1.1.1.1.2.2 > src/contrib/bzip2/README 1.1.1.1.2.2 > src/contrib/bzip2/README.COMPILATION.PROBLEMS 1.1.1.1.2.2 > src/contrib/bzip2/Y2K_INFO 1.1.1.1.2.1 > src/contrib/bzip2/blocksort.c 1.1.1.1.2.2 > src/contrib/bzip2/bzip2.1 1.1.1.1.2.2 > src/contrib/bzip2/bzip2.c 1.1.1.1.2.2 > src/contrib/bzip2/bzip2recover.c 1.1.1.1.2.2 > src/contrib/bzip2/bzlib.c 1.1.1.1.2.2 > src/contrib/bzip2/bzlib.h 1.1.1.1.2.2 > src/contrib/bzip2/bzlib_private.h 1.1.1.1.2.2 > src/contrib/bzip2/compress.c 1.1.1.1.2.2 > src/contrib/bzip2/crctable.c 1.1.1.1.2.2 > src/contrib/bzip2/decompress.c 1.1.1.1.2.2 > src/contrib/bzip2/dlltest.c 1.1.1.1.2.2 > src/contrib/bzip2/huffman.c 1.1.1.1.2.2 > src/contrib/bzip2/libbz2.def 1.1.1.1.2.1 > src/contrib/bzip2/makefile.msc 1.1.1.1.2.2 > src/contrib/bzip2/manual.texi 1.1.1.1.2.2 > src/contrib/bzip2/randtable.c 1.1.1.1.2.2 > src/contrib/bzip2/sample1.bz2.uu 1.1.1.1.2.2 > src/contrib/bzip2/sample1.ref.gz.uu 1.1.1.1.2.2 > src/contrib/bzip2/sample2.bz2.uu 1.1.1.1.2.2 > src/contrib/bzip2/sample2.ref.gz.uu 1.1.1.1.2.1 > src/contrib/bzip2/sample3.bz2.uu 1.1.1.1.2.2 > src/contrib/bzip2/sample3.ref.gz.uu 1.1.1.1.2.1 > src/contrib/bzip2/spewG.c 1.1.1.1.2.1 > src/contrib/bzip2/unzcrash.c 1.1.1.1.2.1 > src/contrib/bzip2/words0 1.1.1.1.2.1 > src/contrib/bzip2/words1 1.1.1.1.2.1 > src/contrib/bzip2/words2 1.1.1.1.2.1 > src/contrib/bzip2/words3 1.1.1.1.2.2 [...] > All files in src/contrib/bzip2 have identical revision numbers on > their respective branches but do not contain the revision number in > the source code. I just updated the system on 5/20 but wanted to verify that it has the right bzip version. Unfortunately (as noted above) the source doesn't contain any version numbers. Also, the newest file date under src/contrib/bzip2 is 2/18/2002. Is this correct? Thx, Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020521224257147.AAA419>