Bug 255123 - www-servers/cherokee bundles an internal copy of zlib-1.1.3
Summary: www-servers/cherokee bundles an internal copy of zlib-1.1.3
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: José Alberto Suárez López (RETIRED)
Blocks: bundled-libs
Reported: 2009-01-16 01:49 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2010-06-16 08:30 UTC

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2009-01-16 01:49:21 UTC
I hope at least it has the vulnerabilities fixed, but it's still pretty un-nice, I can think of a couple very interesting attack patterns actually, if they are not.
Comment 1 Stefan de Konink 2009-01-19 17:47:03 UTC
(In reply to comment #0)
> I hope at least it has the vulnerabilities fixed, but it's still pretty
> un-nice, I can think of a couple very interesting attack patterns actually, if
> they are not.

Can you tell me why you make this such a big fuss? If you simply did an ldd on the binary and library you would see that it actually uses the system zlib. So what is your point?
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2009-01-19 17:56:44 UTC
I'd say you should refrain from commenting if you don't even know what ldd output means at all.
Comment 3 José Alberto Suárez López (RETIRED) gentoo-dev 2010-06-16 08:30:20 UTC
This is an upstream decision; they don't plan to add a new dependency, and they used the same version embedded in the kernel, so it's supposed to be safe.