GNU bug report logs - #30040
Mageia patching gzip with old CVE's

Previous Next

Package: gzip;

Reported by: Stig-Ørjan Smelror <smelror <at> gmail.com>

Date: Tue, 9 Jan 2018 07:48:02 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stig-Ørjan Smelror <smelror <at> gmail.com>
To: 30040 <at> debbugs.gnu.org
Subject: bug#30040: Mageia patching gzip with old CVE's
Date: Tue, 09 Jan 2018 07:01:36 +0000

[Message part 1 (text/plain, inline)]
Hi everyone.

I'm a packager padawan with Mageia and started working on packaging
gzip-1.9 yesterday.

When looking through the list of patches for gzip, I noticed quite a few
CVE's lingering there and then looking through the code it "seemed to me"
that these CVE's are not included.

Then I thought, perhaps they've managed to fix these in other ways, but
since I'm no programmer and not really sure, I wanted to ask you.

Can you please take a look at the patches Mageia uses and let me know if
they are necessary or needs to be rebased for gzip-1.9?
http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURCES/

Thanks in advance.

Cheers,
Stig-Ørjan Smelror

[Message part 2 (text/html, inline)]
This bug report was last modified 7 years and 136 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.