[Secure-testing-team] Bug#854727: Multiple vulnerabilities / unsuitable for stretch?
Moritz Muehlenhoff
jmm at debian.org
Thu Feb 9 22:31:22 UTC 2017
Source: zziplib
Severity: grave
Tags: security
Hi,
multiple security issues have been found in zziplib by Agostino Sarubbo
of Gentoo:
http://www.openwall.com/lists/oss-security/2017/02/09/10
http://www.openwall.com/lists/oss-security/2017/02/09/11
http://www.openwall.com/lists/oss-security/2017/02/09/12
http://www.openwall.com/lists/oss-security/2017/02/09/13
http://www.openwall.com/lists/oss-security/2017/02/09/14
http://www.openwall.com/lists/oss-security/2017/02/09/15
http://www.openwall.com/lists/oss-security/2017/02/09/16
http://www.openwall.com/lists/oss-security/2017/02/09/17
http://www.openwall.com/lists/oss-security/2017/02/09/18
http://www.openwall.com/lists/oss-security/2017/02/09/19
http://www.openwall.com/lists/oss-security/2017/02/09/20
He points out that upstream seems dead:
http://www.openwall.com/lists/oss-security/2017/02/09/21
Aside from that, there's also older, unacknowledged bugs from the
Mayhem project in the BTS.
So unless you want to pick up upstream maintenance yourself, we should
rather remove zziplib from stretch.
Cheers,
Moritz