** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-1228
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to klibc in Ubuntu.
https://bugs.launchpad.net/bugs/1358762
Title:
Included gzip 1.2.4 has several
Will this security vulnerability get fixed at all? I realize that the
impact is pretty small, because someone would have to explicitly use the
gzip binary provided with klibc. But even the new klibc package in
trusty/utopic/vivid still contains the old 1.2.4 version of gzip.
--
You received this
I have just looked at whether gzip can be replaced by BSD compress(1),
which is a drop-in replacement under a more free licence, but even after
adding fts and a lot of BSD functions it still needs funopen() which
klibc doesn’t have ☹
--
You received this bug notification because you are a member
Nevermind. I hacked MirBSD compress to omit the BSD compress method (so
it only does gzip), and replaced a few more things, and got a working
gzip/gunzip under BSD licence.
If there is any interest in the klibc side to include that, be my guest.
Sizes are nice, too (dynamically linked):
As I mentioned in IRC: I can probably easily shave another 2½K off .text
by removing stub support for multiple compressors and using the gzopen()
API already shipped by klibc.
Note that klibc bundles zlib 1.2.3 whereas even MirBSD has 1.2.8
already. That would also need updating. But at least,
** Information type changed from Private Security to Public Security
** Changed in: klibc (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to klibc in Ubuntu.
6 matches
Mail list logo
