Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
I have seen several notices on other forums regarding the update of bzip2 to correct a potential security problem. From the bzip2 web site: The current version is 1.0.6, released 20 Sept 2010. Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended t

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Dan Nelson
In the last episode (Oct 01), Jerry said: > I have seen several notices on other forums regarding the update of bzip2 > to correct a potential security problem. From the bzip2 web site: > > > The current version is 1.0.6, released 20 Sept 2010. > > Version 1.0.6 removes a potential security vul

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 12:14:20 -0500 Dan Nelson articulated: > You must have missed > http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > patches for 6, 7, and 8 are available there, and freebsd-update has > fixed binaries if you use that. Never saw it. So I am assuming that simp

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jason
On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: On Fri, 1 Oct 2010 12:14:20 -0500 Dan Nelson articulated: You must have missed http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches for 6, 7, and 8 are available there, and freebsd-update has fixed binaries if y

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Bruce Cran
On Fri, 1 Oct 2010 14:00:16 -0700 Jason wrote: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches for 6,

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 14:00:16 -0700 Jason articulated: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches f

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 22:23:16 +0100 Bruce Cran articulated: > On Fri, 1 Oct 2010 14:00:16 -0700 > Jason wrote: > > > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > > >On Fri, 1 Oct 2010 12:14:20 -0500 > > >Dan Nelson articulated: > > > > > >> You must have missed > > >> http://sec

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Bruce Cran
On Fri, 1 Oct 2010 17:49:29 -0400 Jerry wrote: > OK, I just updated my sources; however, this notation from the > UPDATING file does NOT appear in the UPDATING file on my machine: > > 20100920: p1 FreeBSD-SA-10:08.bzip2 > Fix an integer overflow in RLE length parsing when > decomp

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Michael Powell
Jerry wrote: [snip]. > > OK, I just updated my sources; however, this notation from the UPDATING > file does NOT appear in the UPDATING file on my machine: > > 20100920: p1 FreeBSD-SA-10:08.bzip2 > Fix an integer overflow in RLE length parsing when decompressing > corrupt bzip2 data. >

Re: Updating bzip2 to remove potential security vulnerability

2010-10-02 Thread Matthew Seaman
On 01/10/2010 21:59:40, Jerry wrote: > On Fri, 1 Oct 2010 12:14:20 -0500 > Dan Nelson articulated: > >> You must have missed >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; >> patches for 6, 7, and 8 are available there, and freebsd-update has >> fixed binaries if you use