Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 1063] Checking for zlib version 1.2.3
bugzilla-daemon at mindrot
Jul 26, 2005, 10:38 PM
Post #1 of 3 (454 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1063

Summary: Checking for zlib version 1.2.3
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.zlib.net/
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket@mindrot.org
ReportedBy: senthilkumar_sen@hotpop.com


The OpenSSH currently checks for zlib version 1.2.1.2 or up. But a buffer
overflow vulnerability exists in 1.2.x series versions 1.2.2 and below, the
fix is available in zlib version 1.2.3.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1063] Checking for zlib version 1.2.3 [ In reply to ]
bugzilla-daemon at mindrot
Jul 26, 2005, 10:43 PM
Post #2 of 3 (447 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1063





------- Additional Comments From senthilkumar_sen@hotpop.com 2005-07-27 16:43 -------
Created an attachment (id=943)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=943&action=view)
Patch to make configure to exit on vulnerable Zlib version

The attached patch against current snapshot makes the configure script to exit
on vulnerable Zlib version. Please let me know if there are any comments.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 1063] Checking for zlib version 1.2.3 [ In reply to ]
bugzilla-daemon at mindrot
Jul 27, 2005, 12:47 AM
Post #3 of 3 (447 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=1063


dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED




------- Additional Comments From dtucker@zip.com.au 2005-07-27 18:47 -------
Thanks, but it's a couple of days late :-) From ChangeLog:

20050725
- (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal