Bug 100540 - dev-perl/Compress-Zlib 1.34 includes it's own vuln version of zlib
Bug#: 100540 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: solar@gentoo.org
Component: Vulnerabilities
URL: 
Summary: dev-perl/Compress-Zlib 1.34 includes it's own vuln version of zlib
Keywords:  
Status Whiteboard: B1 [glsa] jaervosz
Opened: 2005-07-27 19:09 0000
Description:   Opened: 2005-07-27 19:09 0000 
Compress-Zlib-1.33 = zlib-1.1.4 (stable all arches)
Compress-Zlib-1.34 = slib-1.2.2 (~arch vuln)
Compress-Zlib-1.35 = zlib-1.2.3 (not vuln and not in the tree)

------- Comment #1 From solar 2005-07-27 19:10:51 0000 ------- 
Created an attachment (id=64485) [details]
Compress-Zlib-1.35

Updated version.

------- Comment #2 From SpanKY 2005-07-27 19:54:01 0000 ------- 
or even better, get the package to stop using the bundled one ... if you run a
diff between the bundled version and a pristine zlib you'll see that there are
no changes

------- Comment #3 From Michael Cummings (RETIRED) 2005-07-28 02:14:57 0000 ------- 
I hadn't realized Paul had posted the update, sorry about that folks (this was
a
topic on the porters list about a week ago). Ebuild should be in the tree in
the
next few minutes

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-07-28 02:43:41 0000 ------- 
Arches please test and mark Compress-Zlib-1.35 stable.

------- Comment #5 From Markus Rothe 2005-07-28 03:34:46 0000 ------- 
stable on ppc64

------- Comment #6 From Michael Cummings (RETIRED) 2005-07-28 03:37:05 0000 ------- 
Stable on sparc and x86

------- Comment #7 From Simon Stelling (RETIRED) 2005-07-28 04:02:00 0000 ------- 
amd64 happy

------- Comment #8 From René Nussbaumer 2005-07-28 04:09:32 0000 ------- 
Stable on hppa

------- Comment #9 From Tobias Scherbaum 2005-07-28 10:29:50 0000 ------- 
ppc stable

------- Comment #10 From MATSUU Takuto 2005-07-28 15:41:01 0000 ------- 
stable on sh.

------- Comment #11 From SpanKY 2005-07-30 03:04:21 0000 ------- 
arm/ia64/s390 done

------- Comment #12 From Bryan Østergaard (RETIRED) 2005-07-31 13:46:01 0000 ------- 
Stable on alpha.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-07-31 23:07:16 0000 ------- 
GLSA 200508-01 
 
mips don't forget to mark stable.

------- Comment #14 From Hardave Riar (RETIRED) 2005-08-20 11:14:26 0000 ------- 
Stable on mips.