Bug#318091: libphysfs-1.0-0: [CAN-2005-2096] linked statically against zlib on most architectures

2005-07-13 Thread Florian Weimer
Package: libphysfs-1.0-0
Version: 1.0.0-4
Severity: normal
Tags: security

On most architectures, /usr/lib/libphysfs-1.0.so.0.0.0 includes a
statically linked copy of a vulnerable zlib version (1.2.1).  This is
probably caused by a missing build dependency on zlib1g-dev.

Please investigate and advise the security team if an update for the
stable distribution is needed.






2005-07-13 Thread Bartosz Fenski aka fEnIo
On Wed, Jul 13, 2005 at 01:53:32PM +0200, Florian Weimer wrote:
> On most architectures, /usr/lib/libphysfs-1.0.so.0.0.0 includes a
> statically linked copy of a vulnerable zlib version (1.2.1).  This is
> probably caused by a missing build dependency on zlib1g-dev.
>
> Please investigate and advise the security team if an update for the
> stable distribution is needed.

Yes, it seems all architectures include that except i386 and m68k.
I'll build a new package for sid as soon as possible, but I don't have a sarge
box here, so it would be great if the security team could build it for sarge
themselves.

Thus I'm CCing them.

Thanks Florian for spotting it.

regards
fEnIo

-- 
  ,''`.  Bartosz Fenski | mailto:[EMAIL PROTECTED] | pgp:0x13fefc40 | irc:fEnIo
 : :' :   32-050 Skawina - Glowackiego 3/15 - w. malopolskie - Poland
 `. `'   phone:+48602383548 | proud Debian maintainer and user
   `-  http://skawina.eu.org | jid:[EMAIL PROTECTED] | rlu:172001
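
A check for the condition reported in this thread, as an added example (not code from the bug report or from Debian): it scans a binary image for the copyright strings that zlib compiles into itself and for a `libz.so` soname reference, to tell an embedded copy from a dynamically linked one. The function names and the sample byte strings are constructed for illustration, and the string match is a heuristic, not an ELF parse.

```python
import re

# zlib compiles these copyright strings into deflate.c and inftrees.c, so they
# survive in any binary that carries its own copy of the library.
EMBEDDED_ZLIB = re.compile(rb" (deflate|inflate) (\d+(?:\.\d+)+) Copyright 1995-")
# A dynamically linked binary names the shared zlib by soname instead.
ZLIB_SONAME = re.compile(rb"libz\.so(?:\.\d+)*\x00")


def scan_blob(data):
    """Return (sorted embedded zlib versions, True if a libz soname is referenced)."""
    versions = sorted({m.group(2).decode("ascii") for m in EMBEDDED_ZLIB.finditer(data)})
    return versions, ZLIB_SONAME.search(data) is not None


def classify(data, vulnerable=("1.2.1",)):
    """Classify one binary image; `vulnerable` defaults to the version named in the report."""
    versions, dynamic = scan_blob(data)
    if any(v in vulnerable for v in versions):
        return "embedded-vulnerable"
    if versions:
        return "embedded"
    return "dynamic" if dynamic else "no-zlib"


def scan_file(path):
    """Classify a file on disk, e.g. a shared object unpacked from a .deb."""
    with open(path, "rb") as fh:
        return classify(fh.read())


# Constructed samples standing in for two builds of the same library.
STATIC_BUILD = (b"\x7fELF\x00" + b"\x00" * 16
                + b" deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly \x00"
                + b" inflate 1.2.1 Copyright 1995-2003 Mark Adler \x00")
DYNAMIC_BUILD = b"\x7fELF\x00" + b"\x00" * 16 + b"libc.so.6\x00libz.so.1\x00"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, scan_file(path))
    if len(sys.argv) == 1:
        print("static sample:", classify(STATIC_BUILD))
        print("dynamic sample:", classify(DYNAMIC_BUILD))
```

Run it with one or more library paths as arguments to classify real files; with no arguments it classifies the two constructed samples.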

