Fri Mar 15 22:59:01 2002
----- Original Message -----
From: "Florian Weimer" <Weimer@CERT.Uni-Stuttgart.DE>
Sent: Friday, March 15, 2002 1:13 PM
Subject: Re: ZLIB vulnerability
> "AthlonRob" <email@example.com> writes:
> > Does GnuPG actually include zlib itself, or does it just require you
> > zlib on your system, and then utilize that?
> The source code includes a copy of zlib, but the build process uses
> the system zlib if available.
I happen to compile GnuPG under Windows (using Cygwin) where
I don't have a system zlib, so it uses the one that comes with gnupg.
The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3
(which has the vulnerability). So I replaced the zlib library with
zlib version 1.1.4 and recompiled my gnupg.