* Scott James Remnant:

> On Tue, 2005-07-12 at 18:10 +0200, Florian Weimer wrote:
>
>> dpkg-deb seems to contain a statically linked copy of zlib version
>> 1.2.2. This means it's potentially vulnerable to CAN-2005-2096. Please
>> check, and advise the security team if an update for stable is required.
>>
> From what I understand dpkg would be vulnerable, it will just need
> rebuilding.

To some extent, it's a policy decision. Is dpkg-deb supposed to process untrusted input?