Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 117787 - ProZilla is out of date
Summary: ProZilla is out of date
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Lowest critical (vote)
Assignee: Gentoo Linux bug wranglers
URL: http://prozilla.genesys.ro/?p=news
Whiteboard:
Keywords:
: 119784 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-01-04 14:09 UTC by gentoo.bug.reports
Modified: 2006-01-21 03:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description gentoo.bug.reports 2006-01-04 14:09:33 UTC 
The latest release of ProZilla is 2.0.3. At the absolute least, this ebuild should be updated to 1.3.7.4, for both security and usability purposes. I have attached the relevant changelog information below:

--

ProZilla 1.3.7.4 released 24 March 2005

    Changes are:

        * Support for downloading files > 2GB.
        * Fix a remotely exploitable format string security bug.
        * Fix bugs in the handling of bad command-line options. Previously prozilla would return the success status code, even though it failed. Now it returns failure.
        * Fix a segfault. This occurred when prozilla could not assemble a file due to lack of disk space and the user chose to abort the operation.
        * Fix some typos.

--
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-01-04 14:18:46 UTC 
It's a crap security-wise (Bug 70090), and has been package.masked for a long time.

# Tavis Ormandy <taviso@gentoo.org> (9 Feb 2005)
# Masked pending security audit.
www-client/prozilla
Comment 2 gentoo.bug.reports 2006-01-04 17:50:53 UTC 
(In reply to comment #1)
> It's a crap security-wise (Bug 70090), and has been package.masked for a long
> time.
> 
> # Tavis Ormandy <taviso@gentoo.org> (9 Feb 2005)
> # Masked pending security audit.
> www-client/prozilla
> 

2.0.3 was released on Dec. 13th, 2005, yet I do not see any mention of it (or any other 2.x.x releases) in bug #70090. Did everyone give up on ProZilla after the bug #70090 debate?
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-01-21 03:17:06 UTC 
*** Bug 119784 has been marked as a duplicate of this bug. ***
Comment 4 Samuele Kaplun 2006-01-21 03:21:19 UTC 
Hi. I don't understand why it won't be fix...