Re: Bug#402042: CVE 2006 4334 taken care of in 1.3.7+ ?

bug-gzip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#402042: CVE 2006 4334 taken care of in 1.3.7+ ?

From:	Bdale Garbee
Subject:	Re: Bug#402042: CVE 2006 4334 taken care of in 1.3.7+ ?
Date:	Fri, 08 Dec 2006 09:46:21 -0600

On Thu, 2006-12-07 at 09:47 -0800, Paul Eggert wrote:
> I don't
> know why two markedly different patches were applied, but I assume
> that either set will do, and I took the 1.3.5-15 patches as being
> simpler and easier to understand.

I think that should be ok.

Patches for security issues in the stable release of Debian are
generally prepared and uploaded by members of the security team
relatively independently of actions of the primary maintainer of a
package.  That's a good thing when it causes bugs to get fixed in the
stable release more quickly, but it can lead to this kind of difference
sometimes.  

To be frank, I don't recall the details of why I picked the patch that I
did for Debian's 1.3.5-15, or whether I was aware that it was different
from what got used for the stable release.

Bdale

[Prev in Thread]

Current Thread

[Next in Thread]

CVE 2006 4334 taken care of in 1.3.7+ ?, Mike Frysinger, 2006/12/07
- Re: CVE 2006 4334 taken care of in 1.3.7+ ?, Paul Eggert, 2006/12/07
  - Re: Bug#402042: CVE 2006 4334 taken care of in 1.3.7+ ?, Bdale Garbee <=

Prev by Date: Re: misc zgrep patches
Next by Date: Re: misc zgrep patches
Previous by thread: Re: CVE 2006 4334 taken care of in 1.3.7+ ?
Next by thread: [patch] fix segfault encountered while compressing xorg fonts
Index(es):
- Date
- Thread