[Announce] GnuPG fix for included zlib

Werner Koch wk at gnupg.org
Fri Mar 15 15:56:05 CET 2002


Hi!

As you probably all know, a security problem with the compress library
zlib has been found which affects a lot of software.  For details see:

  http://www.zlib.org/advisory-2002-03-11.txt

and the security announcements for your OS.

GnuPG does also use zlib; however in most environments the system
provided zlib is used.  So an update to this system library is
sufficient to fix the problem in GnuPG.

On systems without a installed zlib, the GnuPG build process
automatically includes the zlib copy which come with it.  This may
also be forced by using the --with-included-zlib configure option.
On those systems, GnuPG needs to be updated!  A patch with
instructions is attached to this mail.

Note, that the MS-Windows version is also affected by this bug; an
updated binary package will be available soon.

  Werner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg-zlib.patch
Type: text/x-patch
Size: 10437 bytes
Desc: not available
Url : /pipermail/attachments/20020315/44c9489e/gnupg-zlib.bin


More information about the Gnupg-devel mailing list