[Full-disclosure] [SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error

From: Michael Stone (mstone_at_klecker.debian.org)
Date: 09/29/05

  • Next message: Kurt Buff: "Re: [Full-disclosure] Is the Bottom Line Impacted by Security Breaches?" 
    To: debian-security-announce@lists.debian.org
Date: Thu, 29 Sep 2005 02:35:02 +0200

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 797-2 security@debian.org
    http://www.debian.org/security/ Michael Stone
    September 28th, 2005 http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : zsync
    Vulnerability : DOS
    Problem-Type : buffer overflow
    Debian-specific: no
    CVE ID : CAN-2005-1849, CAN-2005-2096

    zsync, a file transfer program, includes a modified local copy of
    the zlib library, and is vulnerable to certain bugs fixed previously
    in the zlib package.

    There was a build error for the sarge i386 proftpd packages released in
    DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to
    correct this error. The packages for other architectures are unaffected.

    Upgrade Instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------

      Intel IA-32 architecture:

        http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.2_i386.deb
          Size/MD5 checksum: 94516 bb4ff605c6e3b94f23dd0986ca55e450

      These files will probably be moved into the stable distribution on
      its next update.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)

    iQCVAwUBQzs06g0hVr09l8FJAQKrLwQAmPfeT1IBuytJJQr6k8nAVvJMAy1YbOua
    vkcng39SHCiTP2HPYRxJCGMRvp3EqTx3QFsuhCBCl+cxDIPk63CNIuUBb+WinYN5
    h543O3nmIukK4RSESN51E7WULQ6OTINzBM9xLQrFSI0glyRIefEHw/bsSOvz8Bs0
    T5EPNapUs9s=
    =dC8D
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter:     http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Kurt Buff: "Re: [Full-disclosure] Is the Bottom Line Impacted by Security Breaches?"

    Relevant Pages