[Aide-devel] Re: [Pkg-aide-maintainers] How does aide use zlib?

Marc Haber mh+aide-devel at zugschlus.de
Sun Mar 19 09:01:33 UTC 2006


On Fri, Mar 17, 2006 at 04:53:55PM +0100, Richard van den Berg wrote:
> Marc Haber wrote:
> >Afaik, aide only uses zlib to read and/or write the compressed
> >database. Usually, the data source is a local file which is only
> >writeable by root, but aide can pull the reference data from a web
> >server as well.
> 
> The pulling of the database from a web server is available as a patch to 
> aide, but it has not entered the CVS version yet.
> 
> >Do I see correctly that aide uses whatever zlib is present on the
> >build system at build time and statically links to that version?
> 
> Correct.

That being cleared, I had a conversation with Moritz on IRC and we
decided not to put out a DSA for this issue since no external attack
vector exists. I have, however, arranged with the Debian stable
release managers to have aide updated in the next point release of
Debian sarge. 0.10-6.1 was recompiled and statically relinked against
the bugfixed zlib of Debian sarge security, and will be in Debian
3.1r3 as 0.10-6.1sarge2.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
