On Mon, Mar 11, 2002 at 09:42:39PM +0100, Michael Stone wrote: > The zlib vulnerability is fixed in the Debian zlib package version > 1.1.3-5.1. A number of programs either link statically to zlib or include > a private copy of zlib code. These programs must also be upgraded > to eliminate the zlib vulnerability. The affected packages and fixed > versions follow: > amaya 2.4-1potato1 > dictd 1.4.9-9potato1 > erlang 49.1-10.1 > freeamp 2.0.6-2.1 > mirrordir 0.10.48-2.1 > ppp 2.3.11-1.5 > rsync 2.3.2-1.6 > vrweb 1.5-5.1
For comparison, here is a list of packages reported to be affected by the zlib vulnerability in ALT Linux Sisyphus (fixed src.rpms listed): XFree86-4.2.0-alt2.src.rpm XFree86-compat-3.3.6-ipl23mdk.src.rpm freeswan-1.95-alt3.src.rpm iptables-1.2.5-alt1.src.rpm kernel-headers-common-1.0-alt1.src.rpm kernel22-2.2.21-alt3.p4.src.rpm kernel24-2.4.18-alt2.src.rpm kernel24-2.4.7-alt3.src.rpm libpopt-1.7-alt2.src.rpm mkinitrd-2.7.1-alt6.1.src.rpm mktemp-1.4-alt1.src.rpm modutils-2.4.12-alt1.src.rpm pngcrush-1.5.8-alt2.src.rpm rpm-3.0.6-ipl29.2mdk.src.rpm rsync-2.5.3-alt2.src.rpm vnc-3.3.3r2-alt2.src.rpm zlib-1.1.3-ipl15mdk.src.rpm As you can see, there are packages fixed in Sisyphus that are not mentioned in Debian announcement. Does this mean that Debian counterparts were not affected in the first place, or that they were overlooked? -- Dmitry Borodaenko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
