Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 13 Mar 2002 21:48:39 +0100 (MET)
On Tue, 12 Mar 2002, helmut g. katzgraber wrote:

> hm... when i look at the rpm list below i notice that redhat
> seems to be doing the same thing they did last time there was a
> big upgrade: issue new kernel rpms, forget about the kernel
> headers. while these might not change, several programs will barf
> if the directory in which the headers are, does not match the
> kernel version.... unless they put the headers now in the
> kernel, which i doubt. a quick check of the 6.2 kernel rpm
> kernel-2.2.19-6.2.15.alpha.rpm shows that

The most interesting thing is that zlib.c has not been touched since
2.2.19-6.2.12. As far as I can tell, the only changes between 6.2.12 and
6.2.15 are two small bugfixes: one for CIPE, another for debug traps (the
latter not mentioned in %changelog...bad RH! no biscuit!).
And to make things even more interesting, one file in the src.rpm,
ipvs-1.0.6-2.2.19.patch, contains a hunk looking a lot like a fix for
some double-free() problem in zlib.c. But this patch is not used! They
use ipvs-1.0.8-2.2.19.patch which lacks this particular hunk!
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."