lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Dec 2007 18:04:29 +0100 From: "Stefan Kanthak" <stefan.kanthak@...go.de> To: <bugtraq@...urityfocus.com> Subject: Re: Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) and vulnerable bz2lib (CAN-2005-0758 & CAN-2005-0953) I wrote Monday, October 29, 2007 10:04 PM: > I wrote Sunday, October 21, 2007 2:18 PM: > > > Anonymous <farion42@...oo.de> wrote Saturday, October 20, 2007 11:55 AM: > > > >> As a workaround, one could try to manually replace zlib32.dll in a Windows > >> GSView 4.8 installation with the current zlib1.dll version 1.2.3. > > [...] > > > Unfortunately the maintainer of GSview choose not to reply to my bug > > report which included a question about the source of the ZLIB32.DLL. > > The maintainer finally replied to the last of my three attempts to > contact him (very timely, regarding the different timezones we are in): > > | I can't do much about it just at the moment. I've had a computer > | motherboard failure and while I've now got a new computer, I haven't > | got all my development tools running yet. > | > | I will update the DLL in the next release. Yes, I compiled the DLL > | myself. There wasn't a precompiled version at the time I started using > | it. In the meantime an updated version 4.9 of GSView is available from <http://www.cs.wisc.edu/~ghost/gsview/> that fixes CAN-2005-2096 (zlib) as well as CAN-2005-0953 and CAN-2005-0758 (libbz2). The latter had been disclosed to the author/maintainer only until now. The zlib32.dll distributed in the installation is now the "official" zlib1.dll from zlib.net; due to a lack of an "official" libbz2.dll this one is provided by the maintainer. Stefan Kanthak
Powered by blists - more mailing lists