[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: zlib security flaw?

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2005-07-07 15:22:31 CEST

Mark Phippard <MarkP@softlanding.com> wrote on 07/07/2005 09:18:55 AM:

> Does anyone know any details about this?
>
>
http://www.eweek.com/article2/0,1759,1834632,00.asp?kc=EWRSS03119TX1K0000594
>
> The article was posted last night and is on their front page. However,
> the problem sounds exactly like the problem fixed in zlib 1.2.2. Did
> eWeek just pick up an old story or is there a new bug? I do not see a
new
> version of zlib, but the article does say that the fix is not posted
yet.
>
> Since new Windows binaries will soon be posted, as well as a new version

> of TortoiseSVN, we should probably clear this up so that if there is a
fix
> it is included.

Sorry. I should have used Google instead of just searching at CERT. It
looks like it is a real, new bug.

http://www.techworld.com/security/news/index.cfm?NewsID=3994
http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml

Even though I do not think a Subversion client would be particularly
vulnerable to this problem, we should probably hold any Windows releases
until there is a fix since zlib is linked statically in the Windows
binaries.

Mark

_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jul 7 15:23:58 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.