From unknown Mon Jun 23 04:15:22 2025 X-Loop: help-debbugs@gnu.org Subject: bug#30040: Mageia patching gzip with old CVE's Resent-From: =?UTF-8?Q?Stig-=C3=98rjan?= Smelror Original-Sender: "Debbugs-submit" Resent-CC: bug-gzip@gnu.org Resent-Date: Tue, 09 Jan 2018 07:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 30040 X-GNU-PR-Package: gzip X-GNU-PR-Keywords: To: 30040@debbugs.gnu.org X-Debbugs-Original-To: bug-gzip@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.151548403425756 (code B ref -1); Tue, 09 Jan 2018 07:48:02 +0000 Received: (at submit) by debbugs.gnu.org; 9 Jan 2018 07:47:14 +0000 Received: from localhost ([127.0.0.1]:42027 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eYocr-0006hL-Bz for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:47:13 -0500 Received: from eggs.gnu.org ([208.118.235.92]:38979) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eYnv8-0005er-Vr for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:02:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eYnv2-0007xw-QS for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:01:57 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:45238) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eYnv2-0007xr-N0 for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:01:56 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58180) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eYnv1-0001nu-G4 for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eYnuv-0007uJ-T8 for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:55 -0500 Received: from mail-ot0-x230.google.com ([2607:f8b0:4003:c0f::230]:37326) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eYnuv-0007u2-NU for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:49 -0500 Received: by mail-ot0-x230.google.com with SMTP id p31so10552741ota.4 for ; Mon, 08 Jan 2018 23:01:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=hTu6KSQGzeC1/H8bIZ3aoq4jOaqueJ2ouaQ1Fzr6img=; b=p3h4Cdhe0kDIEzA2KpuhFdwDzWGVfIAymmFnDOqEt4JONnwqKO/XeNQOpaDdtSGLEC aoNu94QN5vp94JlaLT+vZNqQzRHvhpKd0qDHG8GDoxEh5L5fHD2y9y1WbGjtfqQIPw/t BjpTn2AZRcx+qOX+SnVDf71efUslbSZM/4NVpEQ5cv0QaODscUCweaX7PwqowKE7AWLm v+uRE57N667ApXkPVsYzqHSZs2GaC7sF3Tiq9bi/k1iUnA/tBQb6OTg39C7F+ULlk7sg A3nK1LB/oVIdqfzecsGbvWOXBTDuZVwP0Xxwu9gKiE/mhFnVS/xM7fKO38kL2U4u9k5T cJow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hTu6KSQGzeC1/H8bIZ3aoq4jOaqueJ2ouaQ1Fzr6img=; b=iXsVk6gilelyaH0mOPYukOfNeRDxcUZMq+9sd3vONINAPSX/PJo7ozHuW+8ndo8KWW vrtQ3S/UDZpSkiciLACmvUlxRajRzuxhimpjqBGD6GKCoZS5u9SgTTXAJDN63JaiO7Qp 3Rl9FHUnnICWKqV7HDiDpkYluOb0cfTbDpCyGvEb/hdfH1wCF5mrXnaKCyV1gmM/aIP/ oqHs3evw86AkmIqfDDX/RuXWClzBbPPVv+jE5N1InrNA1h9m0H3IS3nloJ15ymHZ0U2K Ga1CcMcxBKCuwIujpnEYcTdvEkMZMoySKkcmTQBLzeqUukc+aonwe3mLpCMynJHqA5J6 URJQ== X-Gm-Message-State: AKwxytc7FThhdrVM04J1riF+j51DptzG5MLjjuNlvWXEL4FYxazdyLLf BhtLVCJ3fii+PpKl52e5t530Xy3Msf4eQ1d2QFTsnw== X-Google-Smtp-Source: ACJfBouRPrztFFDFPZoJ8pQ5+NNXCyB99sUDqekUW3cteCTzn5pfNvgk+rJvlX554Fed6/oBuG5cWXIJwQhe5K6IdhY= X-Received: by 10.157.24.79 with SMTP id t15mr669463ott.258.1515481308198; Mon, 08 Jan 2018 23:01:48 -0800 (PST) MIME-Version: 1.0 From: =?UTF-8?Q?Stig-=C3=98rjan?= Smelror Date: Tue, 09 Jan 2018 07:01:36 +0000 Message-ID: Content-Type: multipart/alternative; boundary="001a1141568c09fcdd0562527d61" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Mailman-Approved-At: Tue, 09 Jan 2018 02:47:12 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) --001a1141568c09fcdd0562527d61 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi everyone. I'm a packager padawan with Mageia and started working on packaging gzip-1.9 yesterday. When looking through the list of patches for gzip, I noticed quite a few CVE's lingering there and then looking through the code it "seemed to me" that these CVE's are not included. Then I thought, perhaps they've managed to fix these in other ways, but since I'm no programmer and not really sure, I wanted to ask you. Can you please take a look at the patches Mageia uses and let me know if they are necessary or needs to be rebased for gzip-1.9? http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURCES/ Thanks in advance. Cheers, Stig-=C3=98rjan Smelror --001a1141568c09fcdd0562527d61 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi everyone.

I'm a packager padawan with Mageia and started working on packaging = gzip-1.9 yesterday.

When looking through the list of patches f= or gzip, I noticed quite a few CVE's lingering there and then looking t= hrough the code it "seemed to me" that these CVE's are not in= cluded.

Then I thought, perhaps they've managed to fix the= se in other ways, but since I'm no programmer and not really sure, I wa= nted to ask you.

Can you please take a look at the patches Mag= eia uses and let me know if they are necessary or needs to be rebased for g= zip-1.9?
http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURC= ES/

Thanks in advance.

Cheers,
Stig-= =C3=98rjan Smelror
--001a1141568c09fcdd0562527d61-- From unknown Mon Jun 23 04:15:22 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: =?UTF-8?Q?Stig-=C3=98rjan?= Smelror Subject: bug#30040: closed (Re: bug#30040: Mageia patching gzip with old CVE's) Message-ID: References: X-Gnu-PR-Message: they-closed 30040 X-Gnu-PR-Package: gzip Reply-To: 30040@debbugs.gnu.org Date: Thu, 11 Jan 2018 05:18:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1515647883-27940-1" This is a multi-part message in MIME format... ------------=_1515647883-27940-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #30040: Mageia patching gzip with old CVE's which was filed against the gzip package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 30040@debbugs.gnu.org. --=20 30040: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D30040 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1515647883-27940-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 30040-done) by debbugs.gnu.org; 11 Jan 2018 05:17:33 +0000 Received: from localhost ([127.0.0.1]:51627 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eZVF7-0007Fz-2m for submit@debbugs.gnu.org; Thu, 11 Jan 2018 00:17:33 -0500 Received: from mail-qt0-f182.google.com ([209.85.216.182]:43554) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eZVF5-0007Fn-CT for 30040-done@debbugs.gnu.org; Thu, 11 Jan 2018 00:17:31 -0500 Received: by mail-qt0-f182.google.com with SMTP id s3so455283qtb.10 for <30040-done@debbugs.gnu.org>; Wed, 10 Jan 2018 21:17:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=wlDRAampMqLG9ph9c3vup/J26Jz1WPGjVkz/atwfdt4=; b=aPTXVXrCNf3ZH06jwa93Sm1OfRE6NzFHbleiaVi9yd32iLIY4920fZFkejIicKPeT9 6mfHuJt+XhgSPCat4+7LiFBrqNXwvKTzQrTtI8KCjneKKaRJFLmqK9rynM/jJdi1+db6 fjOSIzEVZSLuJ4EwBAMTPv/TQxRbK7X/id8aDPJ6+Rp4sIa3xxZu7ul4d1XGXqPHZeul x/oCaSN9rFN8JxHPDB4MWBE/ZXPoLuDguvd4Bd4B9r4idsSFAniAiX/jf43tqSOoOXc+ xusioCL/w+ThOHKvUStraRjqKSK01/MtyC95ORzjV6otkp7b3XduEXD5aM17Z1DozkeV 5XHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=wlDRAampMqLG9ph9c3vup/J26Jz1WPGjVkz/atwfdt4=; b=tfFG1TQ9f5Bmqu1CA1WUivFx6tolQuIRjSN2n6aLs5sZeOpue3JYRMSEJIkYWosisc xrvjBc3kuo+8boP6QI1qNNl5Itwq0JgK6YfJ1nG3b0gRXyehnB3s5phKz0nymRSiUiiv 8+P9yui9E6x7CVcbMATDmqRVTC84vUWvup1HERKfpEmPqJoZvaLwp4ci/qLuJ3iyCehf L5GAAIeh1VOjdUGw3InIfz8LIBc5MBohYWVVzhlvPTkob1pw1pDSbuJdrlngWEfXmDzp DgByqmfPRMbU1Gxi4c7qQnNC964FJLvCFoNy6mxrnHKE0Z7L25hdRj8N00ZcZxWu++tZ okjw== X-Gm-Message-State: AKwxyteXtLscD1bKHga42TUfkNr7bIQvOCZ7yhQ0IWWu3cg5POeYF5DI 9vo2ZDA7h7suL75CZq20zu4y58dCRpPySzZXB6o= X-Google-Smtp-Source: ACJfBotV9/4IU8JW3PahrPlCcQJCVJ43npbNgpsiqm3L1mCfU/vlbECqrVtvRSBq+W2lX43hnlfkBXM4mgpvFEMd4/E= X-Received: by 10.200.36.221 with SMTP id t29mr29660730qtt.141.1515647845837; Wed, 10 Jan 2018 21:17:25 -0800 (PST) MIME-Version: 1.0 Received: by 10.55.164.10 with HTTP; Wed, 10 Jan 2018 21:17:05 -0800 (PST) In-Reply-To: References: From: Jim Meyering Date: Wed, 10 Jan 2018 21:17:05 -0800 X-Google-Sender-Auth: iN9alOMr4XcEtD4TVKUnL6kxLY8 Message-ID: Subject: Re: bug#30040: Mageia patching gzip with old CVE's To: =?UTF-8?Q?Stig=2D=C3=98rjan_Smelror?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.2 (/) X-Debbugs-Envelope-To: 30040-done Cc: 30040-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) On Mon, Jan 8, 2018 at 11:01 PM, Stig-=C3=98rjan Smelror wrote: > Hi everyone. > > I'm a packager padawan with Mageia and started working on packaging > gzip-1.9 yesterday. > > When looking through the list of patches for gzip, I noticed quite a few > CVE's lingering there and then looking through the code it "seemed to me" > that these CVE's are not included. > > Then I thought, perhaps they've managed to fix these in other ways, but > since I'm no programmer and not really sure, I wanted to ask you. > > Can you please take a look at the patches Mageia uses and let me know if > they are necessary or needs to be rebased for gzip-1.9? > http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURCES/ The CVE-2006-???? bugs were all fixed in upstream commit 03167e0cea52f915ea63566a76d76e68659542e8. There is nothing of significance in the gzip-1.5-CVE-2009-2624-1.diff patch= . Thus, you may safely remove those .diff files. Also, the zforce-related patch does this, which looks wrong: - if gzip -lv < "$i" 2>/dev/null | grep '^defl' > /dev/null; then + if gzip -l < "$i" 2>/dev/null | grep '^compressed' > /dev/null; then since that beginning-of-line-anchored regexp will never match gzip's -l out= put: $ :|gzip|gzip -l compressed uncompressed ratio uncompressed_name -1 -1 0.0% stdout I suggest you remove that patch, too. Finally, gzip-1.3.3-window-size.patch does this to gzip.c: -DECLARE(uch, window, 2L*WSIZE); +DECLARE(uch, window, 2L*WSIZE + 4096); Considering it was relative to 1.3.3, which is from over 15 years ago, I suggest you discard it, too. I'm marking this ticket as "done", but feel free to reply: any replies still go to the list and the bug database. ------------=_1515647883-27940-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 9 Jan 2018 07:47:14 +0000 Received: from localhost ([127.0.0.1]:42027 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eYocr-0006hL-Bz for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:47:13 -0500 Received: from eggs.gnu.org ([208.118.235.92]:38979) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eYnv8-0005er-Vr for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:02:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eYnv2-0007xw-QS for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:01:57 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM, HTML_MESSAGE,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:45238) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eYnv2-0007xr-N0 for submit@debbugs.gnu.org; Tue, 09 Jan 2018 02:01:56 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58180) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eYnv1-0001nu-G4 for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eYnuv-0007uJ-T8 for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:55 -0500 Received: from mail-ot0-x230.google.com ([2607:f8b0:4003:c0f::230]:37326) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eYnuv-0007u2-NU for bug-gzip@gnu.org; Tue, 09 Jan 2018 02:01:49 -0500 Received: by mail-ot0-x230.google.com with SMTP id p31so10552741ota.4 for ; Mon, 08 Jan 2018 23:01:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=hTu6KSQGzeC1/H8bIZ3aoq4jOaqueJ2ouaQ1Fzr6img=; b=p3h4Cdhe0kDIEzA2KpuhFdwDzWGVfIAymmFnDOqEt4JONnwqKO/XeNQOpaDdtSGLEC aoNu94QN5vp94JlaLT+vZNqQzRHvhpKd0qDHG8GDoxEh5L5fHD2y9y1WbGjtfqQIPw/t BjpTn2AZRcx+qOX+SnVDf71efUslbSZM/4NVpEQ5cv0QaODscUCweaX7PwqowKE7AWLm v+uRE57N667ApXkPVsYzqHSZs2GaC7sF3Tiq9bi/k1iUnA/tBQb6OTg39C7F+ULlk7sg A3nK1LB/oVIdqfzecsGbvWOXBTDuZVwP0Xxwu9gKiE/mhFnVS/xM7fKO38kL2U4u9k5T cJow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hTu6KSQGzeC1/H8bIZ3aoq4jOaqueJ2ouaQ1Fzr6img=; b=iXsVk6gilelyaH0mOPYukOfNeRDxcUZMq+9sd3vONINAPSX/PJo7ozHuW+8ndo8KWW vrtQ3S/UDZpSkiciLACmvUlxRajRzuxhimpjqBGD6GKCoZS5u9SgTTXAJDN63JaiO7Qp 3Rl9FHUnnICWKqV7HDiDpkYluOb0cfTbDpCyGvEb/hdfH1wCF5mrXnaKCyV1gmM/aIP/ oqHs3evw86AkmIqfDDX/RuXWClzBbPPVv+jE5N1InrNA1h9m0H3IS3nloJ15ymHZ0U2K Ga1CcMcxBKCuwIujpnEYcTdvEkMZMoySKkcmTQBLzeqUukc+aonwe3mLpCMynJHqA5J6 URJQ== X-Gm-Message-State: AKwxytc7FThhdrVM04J1riF+j51DptzG5MLjjuNlvWXEL4FYxazdyLLf BhtLVCJ3fii+PpKl52e5t530Xy3Msf4eQ1d2QFTsnw== X-Google-Smtp-Source: ACJfBouRPrztFFDFPZoJ8pQ5+NNXCyB99sUDqekUW3cteCTzn5pfNvgk+rJvlX554Fed6/oBuG5cWXIJwQhe5K6IdhY= X-Received: by 10.157.24.79 with SMTP id t15mr669463ott.258.1515481308198; Mon, 08 Jan 2018 23:01:48 -0800 (PST) MIME-Version: 1.0 From: =?UTF-8?Q?Stig=2D=C3=98rjan_Smelror?= Date: Tue, 09 Jan 2018 07:01:36 +0000 Message-ID: Subject: Mageia patching gzip with old CVE's To: bug-gzip@gnu.org Content-Type: multipart/alternative; boundary="001a1141568c09fcdd0562527d61" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 09 Jan 2018 02:47:12 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) --001a1141568c09fcdd0562527d61 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi everyone. I'm a packager padawan with Mageia and started working on packaging gzip-1.9 yesterday. When looking through the list of patches for gzip, I noticed quite a few CVE's lingering there and then looking through the code it "seemed to me" that these CVE's are not included. Then I thought, perhaps they've managed to fix these in other ways, but since I'm no programmer and not really sure, I wanted to ask you. Can you please take a look at the patches Mageia uses and let me know if they are necessary or needs to be rebased for gzip-1.9? http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURCES/ Thanks in advance. Cheers, Stig-=C3=98rjan Smelror --001a1141568c09fcdd0562527d61 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi everyone.

I'm a packager padawan with Mageia and started working on packaging = gzip-1.9 yesterday.

When looking through the list of patches f= or gzip, I noticed quite a few CVE's lingering there and then looking t= hrough the code it "seemed to me" that these CVE's are not in= cluded.

Then I thought, perhaps they've managed to fix the= se in other ways, but since I'm no programmer and not really sure, I wa= nted to ask you.

Can you please take a look at the patches Mag= eia uses and let me know if they are necessary or needs to be rebased for g= zip-1.9?
http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURC= ES/

Thanks in advance.

Cheers,
Stig-= =C3=98rjan Smelror
--001a1141568c09fcdd0562527d61-- ------------=_1515647883-27940-1--