99751 2005-07-20 22:24 0000 sys-libs/zlib: another buffer overflow (CAN-2005-1849) 2005-07-21 23:23:16 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0489.html A1 [glsa] jaervosz P2 critical --- 1 jaervosz@gentoo.org security@gentoo.org betelgeuse@gentoo.org wolf31o2@gentoo.org jaervosz@gentoo.org 2005-07-20 22:24:55 0000 Package : zlib Vulnerability : buffer overflow Problem type : remote DoS Debian-specific: no CVE ID : CAN-2005-1849 Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. jaervosz@gentoo.org 2005-07-20 22:26:31 0000 Base-system please commit the zlib-1.2.3 ebuild for further arch testing. jaervosz@gentoo.org 2005-07-20 22:28:29 0000 *** Bug 98780 has been marked as a duplicate of this bug. *** jaervosz@gentoo.org 2005-07-21 01:41:39 0000 Arches please test and mark zlib-1.2.3 stable. Committed with the following keywords from previous arch security liaison testing: KEYWORDS="alpha ~amd64 ~arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~x86" betelgeuse@gentoo.org 2005-07-21 04:38:39 0000 21 Jul 2005; Tavis Ormandy <taviso@gentoo.org> +zlib-1.2.3.ebuild: security bump #63740 The ChangeLog should probably point to this bug? solar@gentoo.org 2005-07-21 04:53:27 0000 I'll make note when I bump x86 of this bug # solar@gentoo.org 2005-07-21 05:04:06 0000 stable on x86 made reference to the can and this bug. s390 amd64 m68k arm sh mips ia64 remain. wolf31o2@gentoo.org 2005-07-21 06:25:23 0000 Actually, this is a "blocker" for the release being built. Thanks herbs@gentoo.org 2005-07-21 07:29:11 0000 Stable on amd64. wolf31o2@gentoo.org 2005-07-21 12:14:53 0000 IA64 done by agriffis vapier@gentoo.org 2005-07-21 17:27:58 0000 all stable but mips solar@gentoo.org 2005-07-21 18:31:18 0000 Sadly other distros seem to be down playing the impact of this vuln. I glad we have guys like tavis who do homework. jaervosz@gentoo.org 2005-07-21 22:48:27 0000 GLSA 200507-19 mips don't forget to mark stable to benifit from the GLSA. hardave@gentoo.org 2005-07-21 23:23:16 0000 Stable on mips.