+VERIFIED

Needs (as I understand it) one more person to verify.

-Jim P.

On Sat, 2004-12-18 at 14:19 -0500, Marc Deslauriers wrote:
> ---------------------------------------------------------------------
> Fedora Legacy Test Update Notification
> FEDORALEGACY-2004-2255
> Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2255
> 2004-12-18
> ---------------------------------------------------------------------
>
> Name        : zip
> 7.3 Version : zip-2.3-26.1.0.7.3.legacy
> 9 Version   : zip-2.3-26.1.0.9.legacy
> fc1 Version : zip-2.3-26.1.1.legacy
> Summary     : A file compression and packaging utility compatible with
> PKZIP.
> Description :
> The zip program is a compression and file packaging utility. Zip is
> analogous to a combination of the UNIX tar and compress commands and
> is compatible with PKZIP, a compression and file packaging utility for
> MS-DOS systems.
>
> ---------------------------------------------------------------------
> Update Information:
>
> An updated zip package that fixes a buffer overflow vulnerability is now
> available.
>
> The zip program is an archiving utility which can create ZIP-compatible
> archives.
>
> A buffer overflow bug has been discovered in zip when handling long file
> names. An attacker could create a specially crafted path which could
> cause zip to crash or execute arbitrary instructions. The Common
> Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
> name CAN-2004-1010 to this issue.
>
> Users of zip should upgrade to this updated package, which contains
> backported patches and is not vulnerable to this issue.
>
> ---------------------------------------------------------------------
> 7.3 changelog:
>
> * Tue Nov 16 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx>
> 2.3-26.1.0.7.3.legacy
> - Rebuild for rh73 legacy
> - resolves CAN-2004-1010 (FL #2255)
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.3
> - Rebuild for FC-3
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.2
> - Fix buffer overflow. #138230
>
> 9 changelog:
>
> * Tue Nov 16 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.3-26.1.0.9.legacy
> - Rebuild for rh9 legacy
> - resolves CAN-2004-1010 (FL #2255)
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.3
> - Rebuild for FC-3
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.2
> - Fix buffer overflow. #138230
>
> fc1 changelog:
>
> * Tue Nov 16 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.3-26.1.1.legacy
> - Rebuild for fc1 legacy
> - resolves CAN-2004-1010 (FL #2255)
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.3
> - Rebuild for FC-3
>
> * Mon Nov 08 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.3-26.2
> - Fix buffer overflow. #138230
>
> ---------------------------------------------------------------------
> This update can be downloaded from:
> http://download.fedoralegacy.org/
> (sha1sums)
>
> 7b1134632529e30a471d2ae038f414f407ac0d3e
> redhat/7.3/updates-testing/i386/zip-2.3-26.1.0.7.3.legacy.i386.rpm
> 8db58039a432c0f0c9ff01e07b9190ad23ac4413
> redhat/7.3/updates-testing/SRPMS/zip-2.3-26.1.0.7.3.legacy.src.rpm
> 95966b2b9fdac8f17c74226c3c033b24dd6c9226
> redhat/9/updates-testing/i386/zip-2.3-26.1.0.9.legacy.i386.rpm
> 92b76aadb2e46b57dd9b71927dada7b1c1154dae
> redhat/9/updates-testing/SRPMS/zip-2.3-26.1.0.9.legacy.src.rpm
> 9ef4498e118ca6b4a8f72b02fecde57924d51267
> fedora/1/updates-testing/i386/zip-2.3-26.1.1.legacy.i386.rpm
> 2dcdfc8e6ac63e2b74cf7c781c078773e0265eb8
> fedora/1/updates-testing/SRPMS/zip-2.3-26.1.1.legacy.src.rpm
>
> ---------------------------------------------------------------------
>
> Please test and comment in bugzilla.
> --
>
> fedora-legacy-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list