| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| gzip-1.3.5/ | 30-Sep-2002 | ||
| gzip-1.3.5.tar.gz | 10-Nov-2009 | 323.8K | |
| gzip-6294656-6283819-diff | 10-Nov-2009 | 1.7K | |
| gzip-security-diff | 10-Nov-2009 | 6.1K | |
| gzip.c-message-diff | 10-Nov-2009 | 394 | |
| install-gzip | 10-Nov-2009 | 2.4K | |
| Makefile.sfw | 10-Nov-2009 | 1.9K | |
| METADATA | 10-Nov-2009 | 367 | |
| README.patch | 10-Nov-2009 | 2.4K | |
| sunman-stability | 10-Nov-2009 | 1.1K | |
README.patch
1 ----------------- 6 Oct. 2006 - update ---------------------- 2 Previous source patch (gzip.1.3.3.patch) was revised to 3 gzip-6294656-6283819-diff 4 Security issue CVE-2006-4334 5 synopsis: gzip multiple issues (CVE-2006-4335, CVE-2006-4336 6 , CVE-2006-4337, CVE-2006-4338) 7 Is fixed by gzip-security-diff 8 "gzip --version" info is updated by gzip.c-message-diff 9 ------------------- original text --------------------------- 10 The version of Gzip contained in this gate, 1.3.3, is the latest 11 version released by the official maintainers. Following the release of 12 this version, a number of issues were discovered which affected 13 Solaris and for which it was deemed important to release a patch. 14 However, the Gzip source code is no longer being maintained by the 15 community. As a result, the diff file gzip-1.3.3.patch was created 16 which contains the differences between our released version and the 17 current official release. This is applied using gpatch during the 18 build process. 19 20 In order to distinguish the Sun patched version from the official 21 community version, the version number as reported by the utility at 22 runtime has been changed to: 1.3.3-patch.1 23 24 If in the future a new official version of Gzip is released, it should 25 be determined whether that later version still contains the problems 26 fixed by this patch. If it does not, this patch can be removed from 27 the gate and the build process when the later version is integrated 28 into the gate. If they are still present, this patch will have to be 29 modified to be applicable to that later version before it is 30 integrated into the gate. 31 32 The patch file contains the following changes: 33 34 1) configure : The version number used during build time has been 35 modifed as described above. 36 37 2) gzip.c: [ 6283819 gzip TOCTOU file-permissions vulnerability ] 38 39 The code for this fix came from the patch used by the Debian 40 community to address the same issue in their distribution, and was 41 extracted from the patch downloaded from: 42 43 http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5.diff.gz 44 45 3) gzip.c: [ 6294656 gzip vulnerability <=1.3.5: a malicious archive 46 may write unintended files when uncompressed with -N ] 47 48 The code for this fix came from the patch used by the Debian 49 community to address the same issue in their distribution, and was 50 extracted from the patch downloaded from: 51 52 http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5.diff.gz 53
Indexes created Wed Nov 25 00:25:59 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.