Gzip needs 1.2.4b patch applied (easy one)
|Reported by:||scottmc||Owned by:||axeld|
|Component:||Applications/Command Line Tools||Version:||R1/pre-alpha1|
|Has a Patch:||no||Platform:||All|
From http://www.gzip.org/ Important security patch gzip 1.2.4 may crash when an input file name is too long (over 1020 characters). The buffer overflow may be exploited if gzip is run by a server such as an ftp server. Some ftp servers allow compression and decompression on the fly and are thus vulnerable. See technical details here. This patch to gzip 1.2.4 fixes the problem. The beta version 1.3.3 already includes a sufficient patch; use this version if you have to handle files larger than 2 GB. A new official version of gzip will be released soon.
note that the last update to that page was July 27th, 2003, so probably not going to see a released 1.3.3 soon. I suggest we patch to 1.2.4b, here's the url to the patch file: