On Thu, 12 May 2005, Matthew Burgess wrote: > Folks, > > As we're on a bit of a security spree today, I've uploaded a patch to > the patches repository that fixes the two security vulnerabilities in > gzip that have been reported recently > (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 and > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228). For > your convenience the same patch is also attached. > > Regards, > > Matt. > >
Thanks, Matt. But the first vulnerability is apparently only in 1.3.3 and earlier (unless CVE are mistaken). The patch applies, and doesn't seem to deal with directory traversal, so I guess it's only CAN-2005-1228 that we should be concerned about. Ken -- das eine Mal als Trag�die, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/lfs-security FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
