I have just looked at whether gzip can be replaced by BSD compress(1), which is a drop-in replacement under a more free licence, but even after adding fts and a lot of BSD functions it still needs funopen() which klibc doesn’t have ☹
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to klibc in Ubuntu. https://bugs.launchpad.net/bugs/1358762 Title: Included gzip 1.2.4 has several vulnerabilities Status in “klibc” package in Ubuntu: Confirmed Bug description: The included gzip version is quite old (version 1.2.4) and has several security vulnerabilities. Check http://web.nvd.nist.gov/view/vuln/search- results?adv_search=true&cves=on&cpe_version=cpe:/a:gnu:gzip:1.2.4 for example. I explicitly checked for CVE-2001-1228, which was not fixed by a patch in the klibc package, so I assume the other vulnerabilities are not fixed either. I think it would be a good idea to update the included gzip to a current version. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/klibc/+bug/1358762/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp