From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: security@FreeBSD.ORG
Date: Tue, 21 May 2002 15:42:56 -0700
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2
Reply-To: pjklist@ekahuna.com
In-reply-to: <200205201608.g4KG8Ee23981@freefall.freebsd.org>
Message-ID: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com>

Regarding security advisory FreeBSD-SA-02:25:

> Topic: bzip2 contains multiple security vulnerabilities
>
> 1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or
> RELENG_4_5 security branch dated after the respective correction dates.

[...]

> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> [Base system]
>
> Branch
>   Path                                           Revision
> - -------------------------------------------------------------------------
> RELENG_4
>   src/contrib/bzip2/CHANGES                      1.1.1.1.2.2
>   src/contrib/bzip2/FREEBSD-upgrade              1.1.2.1
>   src/contrib/bzip2/LICENSE                      1.1.1.1.2.2
>   src/contrib/bzip2/Makefile                     1.1.1.1.2.2
>   src/contrib/bzip2/Makefile-libbz2_so           1.1.1.1.2.2
>   src/contrib/bzip2/README                       1.1.1.1.2.2
>   src/contrib/bzip2/README.COMPILATION.PROBLEMS  1.1.1.1.2.2
>   src/contrib/bzip2/Y2K_INFO                     1.1.1.1.2.1
>   src/contrib/bzip2/blocksort.c                  1.1.1.1.2.2
>   src/contrib/bzip2/bzip2.1                      1.1.1.1.2.2
>   src/contrib/bzip2/bzip2.c                      1.1.1.1.2.2
>   src/contrib/bzip2/bzip2recover.c               1.1.1.1.2.2
>   src/contrib/bzip2/bzlib.c                      1.1.1.1.2.2
>   src/contrib/bzip2/bzlib.h                      1.1.1.1.2.2
>   src/contrib/bzip2/bzlib_private.h              1.1.1.1.2.2
>   src/contrib/bzip2/compress.c                   1.1.1.1.2.2
>   src/contrib/bzip2/crctable.c                   1.1.1.1.2.2
>   src/contrib/bzip2/decompress.c                 1.1.1.1.2.2
>   src/contrib/bzip2/dlltest.c                    1.1.1.1.2.2
>   src/contrib/bzip2/huffman.c                    1.1.1.1.2.2
>   src/contrib/bzip2/libbz2.def                   1.1.1.1.2.1
>   src/contrib/bzip2/makefile.msc                 1.1.1.1.2.2
>   src/contrib/bzip2/manual.texi                  1.1.1.1.2.2
>   src/contrib/bzip2/randtable.c                  1.1.1.1.2.2
>   src/contrib/bzip2/sample1.bz2.uu               1.1.1.1.2.2
>   src/contrib/bzip2/sample1.ref.gz.uu            1.1.1.1.2.2
>   src/contrib/bzip2/sample2.bz2.uu               1.1.1.1.2.2
>   src/contrib/bzip2/sample2.ref.gz.uu            1.1.1.1.2.1
>   src/contrib/bzip2/sample3.bz2.uu               1.1.1.1.2.2
>   src/contrib/bzip2/sample3.ref.gz.uu            1.1.1.1.2.1
>   src/contrib/bzip2/spewG.c                      1.1.1.1.2.1
>   src/contrib/bzip2/unzcrash.c                   1.1.1.1.2.1
>   src/contrib/bzip2/words0                       1.1.1.1.2.1
>   src/contrib/bzip2/words1                       1.1.1.1.2.1
>   src/contrib/bzip2/words2                       1.1.1.1.2.1
>   src/contrib/bzip2/words3                       1.1.1.1.2.2

[...]

> All files in src/contrib/bzip2 have identical revision numbers on
> their respective branches but do not contain the revision number in
> the source code.

I just updated the system on 5/20 but wanted to verify that it has
the right bzip version.
Unfortunately (as noted above) the source doesn't contain any version
numbers. Also, the newest file date under src/contrib/bzip2 is
2/18/2002. Is this correct?

Thx,

Phil

--
Philip J. Koenig                                    pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millennium