Fri Mar 15 21:55:01 2002
Does GnuPG actually include zlib itself, or does it just require you have
zlib on your system, and then utilize that?
I just downloaded and compiled zlib 1.1.4 along with GnuPG yesterday,
assuming GnuPG would use the updated zlib... was I mistaken?
----- Original Message -----
From: "Anton Stiglic" <email@example.com>
Sent: Friday, March 15, 2002 11:45 AM
Subject: ZLIB vulnerability
> Hi all,
> this has maybe already been discussed here, but I haven't seen any mention
> of it on www.gnupg.org.
> A colleague of mine pointed out to me that there is a security
> with zlib version < 1.1.4.
> GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.
> They suggested replacing older versions of zlib with zlib version 1.1.4,
> I would suggest a new version of GnuPG that comes with zlib v 1.1.4.
> Gnupg-users mailing list