On Sun, Jul 10, 2005 at 03:59:43PM +0200, Florian Weimer wrote: > On my system, the following packages contain statically linked copies > of zlib-related code:
I'm still interested in a full list of pacakges staticly linked to any version of zlib. We had a few advisories about zlib so far: DSA-763 (CAN-2005-1849): fixed in 1.2.2-4.sarge.2, 1.2.3-1 DSA-740 (CAN-2005-2096): fixed in 1.2.2-4.sarge.1, 1.2.2-7 DSA-122 (CVE-2002-0059): fixed in 1.1.3-5.1, 1.1.3-19.1, several other packages got fixed at that time. Afaik, we don't even have advisories for: CAN-2004-0797: fixed in 1.2.1.1-6 CVE-2003-0107: fixed in 1.1.4-10 And maybe I didn't even find a few. I think we really should update all packages to: - Build depend on zlib1g-dev when possible. - Build them use the latest version (1.2.3-1) - Document which are linked staticly. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
