Path to this page:
Subject: CVS commit: pkgsrc/devel/zlib
From: Jeremy C. Reed
Date: 2004-09-01 01:16:23
Message id: 20040831231623.570A42DA1D@cvs.netbsd.org
Log Message:
Added two patches for fixing possible security issue.
The CVS security ID is CAN-2004-0797.
The fix is same as used by OpenBSD, Debian and Gentoo.
(Didn't see any reference to issue on zlib webpages.)
The OpenBSD announcement "zlib reliabilty fix" says:
"could allow an attacker to crash programs linked
with it."
And the Gentoo announcement says "zlib contains a bug in the handling
of errors in the inflate() and inflateBack() functions. ... An
attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library."
PKGREVISION is bumped and BUILDLINK_RECOMMENDED.zlib added to
buildlink3.mk file.
Files: