Packages were rebuilt to correct a missing texinfo BuildRequires. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-157696 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157696 2005-07-19 --------------------------------------------------------------------- Name : gzip Versions : rh73: gzip-1.3.3-1.2.legacy Versions : rh9: gzip-1.3.3-9.2.legacy Versions : fc1: gzip-1.3.3-11.2.legacy Versions : fc2: gzip-1.3.3-12.2.legacy Summary : The GNU data compression program. Description : The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. --------------------------------------------------------------------- Update Information: An updated gzip package is now available. The gzip package contains the GNU gzip data compression program. A bug was found in the way zgrep processes file names. If a user can be tricked into running zgrep on a file with a carefully crafted file name, arbitrary commands could be executed as the user running zgrep. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0758 to this issue. A bug was found in the way gunzip modifies permissions of files being decompressed. A local attacker with write permissions in the directory in which a victim is decompressing a file could remove the file being written and replace it with a hard link to a different file owned by the victim, gunzip then gives the linked file the permissions of the uncompressed file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0988 to this issue. A directory traversal bug was found in the way gunzip processes the -N flag. If a victim decompresses a file with the -N flag, gunzip fails to sanitize the path which could result in a file owned by the victim being overwritten. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1228 to this issue. Users of gzip should upgrade to this updated package, which contains backported patches to correct these issues. --------------------------------------------------------------------- Changelogs rh73: * Tue Jul 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.3.3-1.2.legacy - Added missing texinfo to BuildRequires * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-1.1.legacy - Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696) rh9: * Tue Jul 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.3.3-9.2.legacy - Added missing texinfo BuildRequires * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-9.1.legacy - Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696) fc1: * Tue Jul 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.3.3-11.2.legacy - Added missing texinfo BuildRequires * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-11.1.legacy - Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696) fc2: * Tue Jul 19 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.3.3-12.2.legacy - Added missing texinfo BuildRequires * Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-12.1.legacy - Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 16a19e2142d83f1db86dbf5a9a5a0b4e35d50c92 redhat/7.3/updates-testing/i386/gzip-1.3.3-1.2.legacy.i386.rpm 98e5fcc727442dd531277cffc2771b7bc8d5f1f8 redhat/7.3/updates-testing/SRPMS/gzip-1.3.3-1.2.legacy.src.rpm rh9: 7960019da89fbdee222e71b7d9884e6dc9ed3056 redhat/9/updates-testing/i386/gzip-1.3.3-9.2.legacy.i386.rpm de3e4e8dd934c383feb2a464b522c4e62bdd3f6d redhat/9/updates-testing/SRPMS/gzip-1.3.3-9.2.legacy.src.rpm fc1: b5cc020182af4b945a461c35e1adc3ddb15e953b fedora/1/updates-testing/i386/gzip-1.3.3-11.2.legacy.i386.rpm 28c8700ac53cb6f8110c744ffc8456095cf9d051 fedora/1/updates-testing/SRPMS/gzip-1.3.3-11.2.legacy.src.rpm fc2: 3d056ec2af5e344ef56e22049e5bd196f0c27180 fedora/2/updates-testing/i386/gzip-1.3.3-12.2.legacy.i386.rpm f6b4d52075528761fd56e44c8227c45130f959b0 fedora/2/updates-testing/SRPMS/gzip-1.3.3-12.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
