100540 – dev-perl/Compress-Zlib 1.34 includes it's own vuln version of zlib

Bug 100540 - dev-perl/Compress-Zlib 1.34 includes it's own vuln version of zlib

Summary: dev-perl/Compress-Zlib 1.34 includes it's own vuln version of zlib

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-07-27 19:09 UTC by solar (RETIRED)
Modified:	2005-08-20 11:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Compress-Zlib-1.35 (Compress-Zlib-1.35.ebuild,607 bytes, patch) 2005-07-27 19:10 UTC, solar (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description solar (RETIRED) gentoo-dev

2005-07-27 19:09:36 UTC

Compress-Zlib-1.33 = zlib-1.1.4 (stable all arches)
Compress-Zlib-1.34 = slib-1.2.2 (~arch vuln)
Compress-Zlib-1.35 = zlib-1.2.3 (not vuln and not in the tree)

Comment 1 solar (RETIRED) gentoo-dev

2005-07-27 19:10:51 UTC

Created attachment 64485 [details, diff]
Compress-Zlib-1.35

Updated version.

Comment 2 SpanKY gentoo-dev

2005-07-27 19:54:01 UTC

or even better, get the package to stop using the bundled one ... if you run a
diff between the bundled version and a pristine zlib you'll see that there are
no changes

Comment 3 Michael Cummings (RETIRED) gentoo-dev

2005-07-28 02:14:57 UTC

I hadn't realized Paul had posted the update, sorry about that folks (this was a
topic on the porters list about a week ago). Ebuild should be in the tree in the
next few minutes

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-07-28 02:43:41 UTC

Arches please test and mark Compress-Zlib-1.35 stable.

Comment 5 Markus Rothe (RETIRED) gentoo-dev

2005-07-28 03:34:46 UTC

stable on ppc64

Comment 6 Michael Cummings (RETIRED) gentoo-dev

2005-07-28 03:37:05 UTC

Stable on sparc and x86

Comment 7 Simon Stelling (RETIRED) gentoo-dev

2005-07-28 04:02:00 UTC

amd64 happy

Comment 8 René Nussbaumer (RETIRED) gentoo-dev

2005-07-28 04:09:32 UTC

Stable on hppa

Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev

2005-07-28 10:29:50 UTC

ppc stable

Comment 10 MATSUU Takuto (RETIRED) gentoo-dev

2005-07-28 15:41:01 UTC

stable on sh.

Comment 11 SpanKY gentoo-dev

2005-07-30 03:04:21 UTC

arm/ia64/s390 done

Comment 12 Bryan Østergaard (RETIRED) gentoo-dev

2005-07-31 13:46:01 UTC

Stable on alpha.

Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-07-31 23:07:16 UTC

GLSA 200508-01 
 
mips don't forget to mark stable.

Comment 14 Hardave Riar (RETIRED) gentoo-dev

2005-08-20 11:14:26 UTC

Stable on mips.