Roman Drahtmueller
2) packages that contain the compression library in their own source distribution. These packages need an individual bugfix. We have prepared update packages for this software that can be downloaded from the locations as shown below.
Shouldn't these packages rather be modified to use the system library
rather then fixing them all individually? I know, this is beyond the
scope of a security bugfix as the latter shouldn't contain feature
changes and this can oft not be done as quickly as needed. But i
think, a package bringing a library on its own, when decent system
libraries are available, this is a quite stupid idea and it is also a
security issue, as we can see with this announcement.
--
Rolf Krahl