
Re: zlib security flaw?

From: Branko Čibej <brane_at_xbc.nu>
Date: 2005-07-08 06:39:29 CEST

Mark Phippard wrote:

>Mark Phippard <MarkP@softlanding.com> wrote on 07/07/2005 09:18:55 AM:
>
>>Does anyone know any details about this?
>>
>>http://www.eweek.com/article2/0,1759,1834632,00.asp?kc=EWRSS03119TX1K0000594
>>
>>The article was posted last night and is on their front page. However,
>>the problem sounds exactly like the problem fixed in zlib 1.2.2. Did
>>eWeek just pick up an old story or is there a new bug? I do not see a new
>>version of zlib, but the article does say that the fix is not posted yet.
>>Since new Windows binaries will soon be posted, as well as a new version
>>of TortoiseSVN, we should probably clear this up so that if there is a fix
>>it is included.
>
>Sorry. I should have used Google instead of just searching at CERT. It
>looks like it is a real, new bug.
>
>http://www.techworld.com/security/news/index.cfm?NewsID=3994
>http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml
>
>Even though I do not think a Subversion client would be particularly
>vulnerable to this problem, we should probably hold any Windows releases
>until there is a fix since zlib is linked statically in the Windows
>binaries.
>
Well aargh, I wish someone would post the patch, too, then I'd just fix
my local copy of zlib-1.2.2 and not waste time with the binaries (as I've
been doing since an hour ago).

Then again, if I'd read the list posts more often...

*sigh*

-- Brane

Received on Fri Jul 8 06:40:16 2005

This is an archived mail posted to the Subversion Dev mailing list.