Package        : zlib
Vulnerability  : buffer overflow
Problem type   : remote DoS
Debian-specific: no
CVE ID         : CAN-2005-1849

Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file.
Base-system please commit the zlib-1.2.3 ebuild for further arch testing.
*** Bug 98780 has been marked as a duplicate of this bug. ***
Arches please test and mark zlib-1.2.3 stable. Committed with the following keywords from previous arch security liaison testing:
KEYWORDS="alpha ~amd64 ~arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~x86"
21 Jul 2005; Tavis Ormandy <taviso@gentoo.org> +zlib-1.2.3.ebuild:
security bump #63740

The ChangeLog should probably point to this bug?
I'll make note when I bump x86 of this bug #
Stable on x86; made reference to the CAN and this bug. s390 amd64 m68k arm sh mips ia64 remain.
Actually, this is a "blocker" for the release being built. Thanks
Stable on amd64.
IA64 done by agriffis
all stable but mips
Sadly other distros seem to be downplaying the impact of this vuln. I'm glad we have guys like Tavis who do homework.
GLSA 200507-19
mips, don't forget to mark stable to benefit from the GLSA.
Stable on mips.