Brian Behlendorf wrote:

> On Tue, 12 Mar 2002, Trevor Johnson wrote:
> > Regardless, I'd recommend that you update to Mozilla 0.9.9, because of the
> > zlib "double free" bug. Mozilla contains its own copy of the zlib code,
> > which was corrected as of version 0.9.9.
>
> Unless I misunderstand something, even those apps with their own
> statically linked copies of zlib are not vulnerable on freebsd due to
> freebsd's malloc implementation, right? Unless they also statically
> compiled in glibc?

I would suppose that dynamically linking to glibc would cause problems
too. The Linux binary of Mozilla, which I assumed Dave Hawkey was asking
about, does that (I updated the port of it today). I would suppose that
the native Mozilla might be fine--unless, as you suggest, it contains its
own copy of GNU malloc.

-- 
Trevor Johnson
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]