Bug 131385
Summary: | CAN-2004-0797: inflate() and inflateBack() functions don't properly handle errors | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> | ||||
Component: | zlib | Assignee: | Jeff Johnson <jbj> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | CC: | b-nordquist, bressers, rh-bugzilla, wtogami | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-01-29 04:15:03 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 145267 | ||||||
Attachments: |
|
Description
Robert Scheck
2004-08-31 20:18:06 UTC
Created attachment 103317 [details]
zlib-1.2.1.1-inflate.patch
It seems so, that only Fedora Core 1, 2 and Development are affected of this issue. Red Hat Enterprise Linux 3 has the older 1.1.4 which not seems to be affected, but maybe you should check this. Correct, 1.1* is unaffected. *** Bug 131395 has been marked as a duplicate of this bug. *** Hey, what's up - why isn't the patch for the CAN included...does it hurt someone?! zlib-1.2.1.2-1 built in fc3; fc1 and fc2 need doing too. -0.fc1 and -0.fc2 now bult. Did the FC2 update get pushed and announcements sent? I don't see it on the update site or on fedora-announce-list. Ping, no announcement has gone out to fedora-announce-list about this issue. This bug is neither a FC3 nor a FC4 target bug, it's a open issue only for FC2 now - and thank you for sleeping such long, now FC1 isn't supported any longer. Maybe Warren should be added for a Legacy update... :-( fc2 update still not pushed to http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/ Could we please get this update for FC2 at least as christmas present? I don't want to find it as easter egg... ;-) what is the state of this bug? Is it really impossible to fix a security relevant bug within 5 months? My last hope is, that Fedora Legacy fixes this security issue in May 2005, when the outdated Fedora Core 2 is transfered to it... Released as FEDORA-2005-095. According to jbj rebuilding these packages, even the one in FC4, should work fine in earlier distributions. It should be trivial for Legacy to issue updates after proper testing. |