98404 – zlib buffer overflow needs promentent exposure.

Bug 98404 - zlib buffer overflow needs promentent exposure.

Summary: zlib buffer overflow needs promentent exposure.

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:	http://www.gentoo.org/security/en/gls...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-08 14:57 UTC by genbug
Modified:	2005-07-09 08:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description genbug 2005-07-08 14:57:06 UTC

http://forums.gentoo.org/viewtopic.php?t=356659

GLSA states there is a vunerability in zlib and adivses "zlib users" to upgrade.

This is a core package in the system profile, _EVERYONE_ is a zlib user.

Shouldn't this be given wider exposer with a _clear_ message that it affects all 
Gentoo systems rather than editing the stock template ?



Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Put this criticat, presuambly it is important after all the chat about how we 
take security seriously ?

Comment 1 SpanKY gentoo-dev

2005-07-08 17:23:21 UTC

it receives as much 'exposure' as all our other GLSA's (which includes issues
with the linux kernel)

that means the GLSA is e-mailed to many public lists, posted on glsa.gentoo.org,
added to our portage tree and everyone who uses `glsa-check` sees it