OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-web                      Date:   04-Mar-2003 17:36:00
Branch: HEAD                             Handle: 2003030416360000
Modified files:
openpkg-web/security OpenPKG-SA-2003.015-zlib.txt
Log:
final polishing and signing
Summary:
Revision    Changes    Path
1.3         +12 -5     openpkg-web/security/OpenPKG-SA-2003.015-zlib.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.015-zlib.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.015-zlib.txt
--- openpkg-web/security/OpenPKG-SA-2003.015-zlib.txt 4 Mar 2003 16:30:23 -0000
1.2
+++ openpkg-web/security/OpenPKG-SA-2003.015-zlib.txt 4 Mar 2003 16:36:00 -0000
1.3
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
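Review bot: The armor header added at the top of the file pins the digest to SHA1 ("Hash: SHA1"), which is no longer collision-resistant. When this advisory is next re-signed, set the signing key's digest preference to a SHA-2 hash so the clearsigned text carries "Hash: SHA256" or stronger.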
@@ -25,7 +28,7 @@
which is a convenient printf(3) style formatted output function based on
zlib's raw output function gzwrite(). Richard Kettlewell discovered [1]
that the implementation of gzprintf() by default uses the portable
- but unsecure vsprintf(3) and sprintf(3) functions (subject to buffer
+ but insecure vsprintf(3) and sprintf(3) functions (subject to buffer
overflows), although optionally one was able to use the secure
vsnprintf(3) and snprintf(3) functions. Unfortunately, even the
optional use of vsnprintf(3) and snprintf(3) did not take the function
@@ -59,7 +62,7 @@
NOTICE 2: OpenPKG CURRENT currently has 49 packages depending on
the "zlib" package and 7 packages which have a local copy of zlib
embedded. Fortunately, none of those 56 packages use the affected
- gzprintf() function -- neither directly or indirectly.
+ gzprintf() function -- neither directly nor indirectly.
Solution:
Select the updated source RPM appropriate for your OpenPKG release
@@ -79,9 +82,6 @@
$ <prefix>/bin/rpm --rebuild zlib-1.1.4-1.2.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/zlib-1.1.4-1.2.1.*.rpm
-
- Additionally, we recommend that you rebuild and reinstall
- all dependent packages (see above), if any, too. [3][4]
________________________________________________________________________
References:
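Review bot: The removed paragraph at the end of the Solution section is the only visible citation of [3][4], and the hunk offsets (-79,9 +82,6 followed by -106,3 +106,10) show the References list is untouched, so any entries [3] and [4] that were cited only here are now dangling and should be dropped or cited elsewhere. Removing the rebuild recommendation also changes the remediation guidance rather than polishing it, so the log message should say so. The removal is only safe for as long as the NOTICE 2 statement holds that none of the 7 packages with an embedded zlib copy call gzprintf().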
@@ -106,3 +106,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+ZNXUgHWT4GPEy58RAorLAJ42kiOkr5DK4LNMJpBQi77vrIBjkwCdHqKz
+mgzAuVVj36YHDmRp95U2uFc=
+=eLZA
+-----END PGP SIGNATURE-----
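Review bot: The signature block appended at the end of the file arrives in the same revision as the wording fixes and the removal of the rebuild paragraph, so there is no unsigned revision containing the final text to review the signed bytes against. Commit the final text first and add the signature in a follow-up revision. Because the clearsignature covers the exact body bytes, any later edit to this file in CVS, including whitespace, needs a fresh signature or the "gpg --verify" step quoted just above will fail for readers.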
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]