Bug#: 99751
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2005-07-20 22:24 0000
Package : zlib
Vulnerability : buffer overflow
Problem type : remote DoS
Debian-specific: no
CVE ID : CAN-2005-1849

Markus Oberhumer discovered a flaw in the way zlib, a library used for
file compression and decompression, handles invalid input. This flaw can
cause programs which use zlib to crash when opening an invalid file.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-07-20 22:26:31 0000 -------
Base-system please commit the zlib-1.2.3 ebuild for further arch testing. 

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-07-20 22:28:29 0000 -------
*** Bug 98780 has been marked as a duplicate of this bug. ***

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-07-21 01:41:39 0000 -------
Arches please test and mark zlib-1.2.3 stable.  
  
Committed with the following keywords from previous arch security liaison  
testing:  
  
KEYWORDS="alpha ~amd64 ~arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~x86"
  

------- Comment #4 From Petteri Räty 2005-07-21 04:38:39 0000 -------
 21 Jul 2005; Tavis Ormandy <taviso@gentoo.org> +zlib-1.2.3.ebuild:
security bump #63740

The ChangeLog should probably point to this bug?

------- Comment #5 From solar 2005-07-21 04:53:27 0000 -------
I'll make note when I bump x86 of this bug #

------- Comment #6 From solar 2005-07-21 05:04:06 0000 -------
Stable on x86; made reference to the CAN and this bug.
s390 amd64 m68k arm sh mips ia64 remain.

------- Comment #7 From Chris Gianelloni (RETIRED) 2005-07-21 06:25:23 0000 -------
Actually, this is a "blocker" for the release being built.

Thanks

------- Comment #8 From Herbie Hopkins (RETIRED) 2005-07-21 07:29:11 0000 -------
Stable on amd64.

------- Comment #9 From Chris Gianelloni (RETIRED) 2005-07-21 12:14:53 0000 -------
IA64 done by agriffis

------- Comment #10 From SpanKY 2005-07-21 17:27:58 0000 -------
all stable but mips

------- Comment #11 From solar 2005-07-21 18:31:18 0000 -------
Sadly, other distros seem to be downplaying the impact of this vuln.
I'm glad we have guys like Tavis who do homework.

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-07-21 22:48:27 0000 -------
GLSA 200507-19 
 
mips, don't forget to mark stable to benefit from the GLSA.

------- Comment #13 From Hardave Riar (RETIRED) 2005-07-21 23:23:16 0000 -------
Stable on mips.
