From: "Ed Greshko" <Ed.Greshko@xxxxxxxxxxx>
jdow wrote:
Does anybody other than me think it is a little peculiar that there
was a listed update for gzip today that has an earlier version number
than the one from the second?
gzip-1.3.5-7.1.fc5.i386.rpm October 2
gzip-1.3.5-7.fc5.i386.rpm October 10
Did somebody screw up the version numbering?
Well, I've not updated my FC5 system recently. So, I went to update it
today. I had gzip-1.3.5-6.2.1 installed and it is being updated to
gzip-1.3.5-7.1.fc5. So, I'm not sure what you are seeing or why.
I received this today. Please note the version of gzip it calls out.
The October2 patch was declared with a higher version than this security
patch. This raises questions about somebody possibly bolixing up the
version number on a patch we should have. (The files are VASTLY different
sizes.)
{^_^}
===8<---
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-989
2006-10-10
---------------------------------------------------------------------
Product : Fedora Core 5
Name : gzip
Version : 1.3.5
Release : 7.fc5
Summary : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.
Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.
---------------------------------------------------------------------
* Wed Sep 20 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.5-7.fc5
- fix bug 204676 (patches by Tavis Ormandy)
- cve-2006-4334 - null dereference problem
- cve-2006-4335 - buffer overflow problem
- cve-2006-4336 - buffer underflow problem
- cve-2006-4338 - infinite loop problem
- cve-2006-4337 - buffer overflow problem
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
058b352c889d357d2f369d8358643b16820c5e22 SRPMS/gzip-1.3.5-7.fc5.src.rpm
058b352c889d357d2f369d8358643b16820c5e22 noarch/gzip-1.3.5-7.fc5.src.rpm
a9679679039bf6a7646dc18ab267b87a905aee4d ppc/debug/gzip-debuginfo-1.3.5-7.fc5.ppc.rpm
e9199ea8e46e2e3ead27eae3a1159f4fb47c8d1a ppc/gzip-1.3.5-7.fc5.ppc.rpm
cc837290ccd3b1427d0121cc668fdf4e282e39f3
x86_64/debug/gzip-debuginfo-1.3.5-7.fc5.x86_64.rpm
d7a7b184f5b98b58ea680fe49414b5b4f88b4ac4 x86_64/gzip-1.3.5-7.fc5.x86_64.rpm
a9450c087c726cb7dba45c97a2507706057a3d84 i386/debug/gzip-debuginfo-1.3.5-7.fc5.i386.rpm
7c1a6092d74f53916a9046c118a25b386993212e i386/gzip-1.3.5-7.fc5.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-announce
===8<---