Fedora Legacy Test Update Notification: zip

Jim Popovitch jimpop at yahoo.com
Mon Dec 20 16:31:09 UTC 2004


+VERIFIED

Needs (as I understand it) one more person to verify.

-Jim P.

On Sat, 2004-12-18 at 14:19 -0500, Marc Deslauriers wrote:
> ---------------------------------------------------------------------
> Fedora Legacy Test Update Notification
> FEDORALEGACY-2004-2255
> Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2255
> 2004-12-18
> ---------------------------------------------------------------------
> 
> Name        : zip
> 7.3 Version : zip-2.3-26.1.0.7.3.legacy
> 9 Version   : zip-2.3-26.1.0.9.legacy
> fc1 Version : zip-2.3-26.1.1.legacy
> Summary     : A file compression and packaging utility compatible with
>                PKZIP.
> Description :
> The zip program is a compression and file packaging utility. Zip is
> analogous to a combination of the UNIX tar and compress commands and
> is compatible with PKZIP, a compression and file packaging utility for
> MS-DOS systems.
> 
> ---------------------------------------------------------------------
> Update Information:
> 
> An updated zip package that fixes a buffer overflow vulnerability is now
> available.
> 
> The zip program is an archiving utility which can create ZIP-compatible
> archives.
> 
> A buffer overflow bug has been discovered in zip when handling long file
> names. An attacker could create a specially crafted path which could
> cause zip to crash or execute arbitrary instructions. The Common
> Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
> name CAN-2004-1010 to this issue.
> 
> Users of zip should upgrade to this updated package, which contains
> backported patches and is not vulnerable to this issue.
> 
> ---------------------------------------------------------------------
> 7.3 changelog:
> 
> * Tue Nov 16 2004 Rob Myers <rob.myers at gtri.gatech.edu> 2.3-26.1.0.7.3.legacy
> - Rebuild for rh73 legacy
> - resolves CAN-2004-1010 (FL #2255)
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.3
> - Rebuild for FC-3
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.2
> - Fix buffer overflow. #138230
> 
> 9 changelog:
> 
> * Tue Nov 16 2004 Rob Myers <rob.myers at gtri.gatech.edu> 2.3-26.1.0.9.legacy
> - Rebuild for rh9 legacy
> - resolves CAN-2004-1010 (FL #2255)
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.3
> - Rebuild for FC-3
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.2
> - Fix buffer overflow. #138230
> 
> fc1 changelog:
> 
> * Tue Nov 16 2004 Rob Myers <rob.myers at gtri.gatech.edu> 2.3-26.1.1.legacy
> - Rebuild for fc1 legacy
> - resolves CAN-2004-1010 (FL #2255)
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.3
> - Rebuild for FC-3
> 
> * Mon Nov 08 2004 Lon Hohberger <lhh at redhat.com> 2.3-26.2
> - Fix buffer overflow. #138230
> 
> ---------------------------------------------------------------------
> This update can be downloaded from:
>    http://download.fedoralegacy.org/
> (sha1sums)
> 
> 7b1134632529e30a471d2ae038f414f407ac0d3e  redhat/7.3/updates-testing/i386/zip-2.3-26.1.0.7.3.legacy.i386.rpm
> 8db58039a432c0f0c9ff01e07b9190ad23ac4413  redhat/7.3/updates-testing/SRPMS/zip-2.3-26.1.0.7.3.legacy.src.rpm
> 95966b2b9fdac8f17c74226c3c033b24dd6c9226  redhat/9/updates-testing/i386/zip-2.3-26.1.0.9.legacy.i386.rpm
> 92b76aadb2e46b57dd9b71927dada7b1c1154dae  redhat/9/updates-testing/SRPMS/zip-2.3-26.1.0.9.legacy.src.rpm
> 9ef4498e118ca6b4a8f72b02fecde57924d51267  fedora/1/updates-testing/i386/zip-2.3-26.1.1.legacy.i386.rpm
> 2dcdfc8e6ac63e2b74cf7c781c078773e0265eb8  fedora/1/updates-testing/SRPMS/zip-2.3-26.1.1.legacy.src.rpm
> 
> ---------------------------------------------------------------------
> 
> Please test and comment in bugzilla.



