From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The sash binary is linked statically with a vulnerable zlib

Version-Release number of selected component (if applicable):
sash-3.4-2

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /sbin/sash
3. 
	

Actual Results:  /sbin/sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/sbin/sash: zlib cplens table, little endian
/sbin/sash: zlib cplext table (version 1.0.5 to 1.1.4)


Expected Results:  sash should not be linked with a vulnerable version of zlib

Additional info:

Name        : sash                         Relocations: (not relocateable)
Version     : 3.4                               Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Mon Feb  7 17:33:09 2000
Install date: Wed Nov  1 18:36:26 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Shells     Source RPM: sash-3.4-2.src.rpm
Size        : 410294                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A statically linked shell, including some built-in basic commands.
Description :
Sash is a simple, standalone, statically linked shell which includes
simplified versions of built-in commands like ls, dd and gzip.  Sash
is statically linked so that it can work without shared libraries, so
it is particularly useful for recovering from certain types of system
failures.  Sash can also be used to safely upgrade to new versions of
shared libraries.