From owner-freebsd-security Tue Aug 6 0:52: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 457FF37B400 for ; Tue, 6 Aug 2002 00:52:00 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-67-115-73-77.dsl.lsan03.pacbell.net [67.115.73.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE10043E72 for ; Tue, 6 Aug 2002 00:51:53 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id F108466DFC; Tue, 6 Aug 2002 00:51:51 -0700 (PDT) Date: Tue, 6 Aug 2002 00:51:51 -0700 From: Kris Kennaway To: sigma@smx.pair.com Cc: freebsd-security@freebsd.org Subject: Re: zlib 1.1.4 Message-ID: <20020806075151.GA59261@xor.obsecurity.org> References: <20020804122115.82777.qmail@smx.pair.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020804122115.82777.qmail@smx.pair.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Aug 04, 2002 at 08:21:15AM -0400, sigma@smx.pair.com wrote: > > Is there some reason zlib 1.1.3 seems to be part of 4.6-STABLE? cvsweb > shows 1.1.4 imported "on the vendor branch". There was a major security > advisory in March 2002 for 1.1.3. A diff suggests only minor changes > between the 1.1.4 source (from gzip.org) and the source used by 4.6-STABLE, > but it's still labeled 1.1.3, which is enough to raise questions. The version in -stable contains all necessary bugfixes, as is apparent from the FreeBSD security advisory on this topic. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message