A Guy Called Tyketto
Thu Mar 14 23:47:01 2002
On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote:
> I read just now the "CERT Advisory CA-2002-07 Double Free Bug in zlib Compression
> Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html.
> GnuPG uses the zlib library (release 1.1.3), and the
> systems affected are "any software that is linked to
> zlib 1.1.3 or earlier", or "data compression libraries derived from zlib 1.1.3 or
> earlier may contain a similar bug".
> Is gpg affected by this bug in zlib?
> Will the zlib library inside the GnuPG package or in the CVS be changed?
I'm pretty sure Werner is including zlib 1.1.4 into the next release
(it would be safe to assume so, unless he says otherwise), but it would be in
one's best interest to uninstall GnuPG, update your zlib, and recompile GnuPG
against it. I played it safe and recompiled against zlib 1.1.4, so I know my
binaries aren't affected by the bug.
Err on the side of caution, and be paranoid. ;)
Brad Littlejohn | Email: firstname.lastname@example.org
Unix Systems Administrator, | email@example.com
Web + NewsMaster, BOFH.. Smeghead! :) | http://www.wizard.com/~tyketto
PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF
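Added example, not part of the original message or of GnuPG's code: one way to confirm which zlib release is compiled into a binary after a rebuild like the one described above. It relies on the copyright banners zlib embeds in its deflate and inflate code; the sample byte strings are constructed, and the function names are hypothetical.

```python
import re
import sys

# zlib compiles version banners into any binary that contains its code, e.g.
#   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "
#   " inflate 1.1.3 Copyright 1995-1998 Mark Adler "
BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3})\S* Copyright")
FIXED = (1, 1, 4)  # release the reply rebuilt against; 1.1.3 and earlier are affected


def embedded_zlib_versions(blob):
    """Return the set of zlib version strings found in a binary image."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(blob)}


def audit(blob):
    """Return sorted (version, status) pairs; status is 'vulnerable' or 'ok'."""
    results = []
    for version in embedded_zlib_versions(blob):
        parsed = tuple(int(part) for part in version.split("."))
        results.append((version, "vulnerable" if parsed < FIXED else "ok"))
    return sorted(results)


# Constructed sample images: padding bytes around the banners, as in a real binary.
SAMPLE_OLD = (b"\x7fELF\x00\x00 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \x00"
              b"\x00 inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00")
SAMPLE_NEW = b"\x7fELF\x00\x00 deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly \x00"

if __name__ == "__main__":
    # With file arguments, audit those binaries; with none, audit the samples.
    images = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("SAMPLE_OLD", SAMPLE_OLD), ("SAMPLE_NEW", SAMPLE_NEW)]
    for name, blob in images:
        found = audit(blob)
        print(name, found if found else "no embedded zlib banner")
```

An empty result means no zlib code is compiled into that file; a dynamically linked binary has to be checked through the shared libz it loads instead.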