+++ This bug was initially created as a clone of Bug #220595 +++

Description of problem:
Multiple vulnerabilities found in GNU gzip also apply to lha, namely: CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338. Those are described in detail in http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

Version-Release number of selected component (if applicable):
RHEL 2.1, RHEL 3, RHEL 4 and FC 5

How reproducible:
Reproducers available for gzip do not work.

Additional info:
As it's Christmas soon, my Christmas present for you is the backported patch, so you don't have to deal with the change of coding style between the releases :)

-- Additional comment from lkundrak on 2006-12-22 07:40 EST --
Created an attachment (id=144273)
Backported patch for releases after RHEL 2.1

The lha package is not in FC6 or newer... Changed version to FC5.