ZLIB vulnerability

Anton Stiglic astiglic@okiok.com
Fri Mar 15 17:51:01 2002

Hi all,

this has maybe already been discussed here, but I haven't seen any mention
of it on www.gnupg.org.

A colleague of mine pointed out to me that there is a security vulnerability
with zlib version < 1.1.4.
GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.


They suggested replacing older versions of zlib with zlib version 1.1.4,
I would suggest a new version of GnuPG that comes with zlib v 1.1.4.