1.4.11 release candidate

Werner Koch wk at gnupg.org
Fri Sep 24 09:53:16 CEST 2010


On Thu, 23 Sep 2010 20:59, lists at michel-messerschmidt.de said:
> On Thu, Sep 23, 2010 at 08:26:19PM +0200, Werner Koch wrote:
>> On Thu, 23 Sep 2010 14:20, war_is_peace at privatdemail.net said:
>> 
>> > While you're at it, you might want to update zlib to version 1.2.5 -
>> > looking at the source, it seems that the currently used version is 1.1.4.
>> 
>> I see no reason for such an update.
>
> CVE-2003-0107 ?

That is about a buffer overflow in gzprintf - we don't use those high
level functions.  Actually the included zlib code is stripped down to
the bare minimum.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list