Index: trunk/server/fedora/specs/gzip.spec.patch
===================================================================
--- trunk/server/fedora/specs/gzip.spec.patch	(revision 1433)
+++ trunk/server/fedora/specs/gzip.spec.patch	(revision 1433)
@@ -0,0 +1,40 @@
+--- gzip.spec.orig	2010-01-21 05:33:38.000000000 -0500
++++ gzip.spec	2010-01-21 05:37:54.000000000 -0500
+@@ -1,7 +1,7 @@
+ Summary: The GNU data compression program
+ Name: gzip
+ Version: 1.3.12
+-Release: 9%{?dist}
++Release: 9.scripts.%{scriptsversion}%{?dist}
+ # info pages are under GFDL license
+ License: GPLv2 and GFDL
+ Group: Applications/File
+@@ -17,6 +17,8 @@
+ Patch16: gzip-1.3.5-cve-2006-4337_len.patch
+ Patch17: gzip-1.3.12-futimens.patch
+ Patch18: gzip-1.3.12-zdiff.patch
++Patch100: gzip-cve-2009-2624.patch
++Patch101: gzip-cve-2010-0001.patch
+ URL: http://www.gzip.org/
+ Requires: /sbin/install-info
+ Requires: mktemp less
+@@ -43,6 +45,8 @@
+ %patch16 -p1 -b .4337l
+ %patch17 -p1 -b .futimens
+ %patch18 -p1 -b .ret
++%patch100 -p0 -b .cve-2009-2624
++%patch101 -p0 -b .cve-2010-0001
+ %build
+ export DEFS="NO_ASM"
+ export CPPFLAGS="-DHAVE_LSTAT"
+@@ -89,6 +93,10 @@
+ %{_infodir}/gzip.info*
+ 
+ %changelog
++* Thu Jan 21 2010 Mitchell Berger <mitchb@mit.edu> 1.3.12-9.scripts.1432
++- Add patch for CVE-2009-2624
++- Add patch for CVE-2010-0001
++
+ * Fri Mar 13 2009 Ivana Varekova <varekova@redhat.com> - 1.3.12-9
+ - fix #484213 - zdiff shows no output
+