[Bug 1358762] Re: Included gzip 1.2.4 has several vulnerabilities
Pieter
1358762 at bugs.launchpad.net
Tue Nov 6 00:24:07 UTC 2018
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-1228
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to klibc in Ubuntu.
https://bugs.launchpad.net/bugs/1358762
Title:
Included gzip 1.2.4 has several vulnerabilities
Status in klibc:
New
Status in klibc package in Ubuntu:
Confirmed
Bug description:
The included gzip version is quite old (version 1.2.4) and has several
security vulnerabilities.
Check http://web.nvd.nist.gov/view/vuln/search-
results?adv_search=true&cves=on&cpe_version=cpe:/a:gnu:gzip:1.2.4 for
example.
I explicitly checked for CVE-2001-1228, which was not fixed by a patch
in the klibc package, so I assume the other vulnerabilities are not
fixed either.
I think it would be a good idea to update the included gzip to a
current version.
To manage notifications about this bug go to:
https://bugs.launchpad.net/klibc/+bug/1358762/+subscriptions
More information about the foundations-bugs
mailing list