On Wed, 2005-02-16 at 17:34, Tomasz Kojm wrote:
> On Wed, 16 Feb 2005 14:57:16 +0100
> Tarjei Knapstad <[EMAIL PROTECTED]> wrote:
> 
> > Nobody is whining here Dennis.
> > 
> > I was asking a question about what the zlib warning was all about. The
> 
> www.zlib.net:
> 
> "October 3rd, 2004
> 
> Version 1.2.2 eliminates a potential security vulnerability in zlib
> 1.2.1, so all users of 1.2.1 should upgrade immediately. The following
> important fixes are provided in zlib 1.2.2[...]"
> 

Yes, thanks. As I said earlier I was being sent to the wrong zlib site
by Google.

> 
> > 3rd party SRPM requires zlib 1.2.1.2 which is the latest available for
> > FC3 (1.2.2.2 is in Rawhide). The zlib homepage doesn't mention
> > anything about 1.2.2 (you can download it if you manually change the
> 
> You're wrong.
> 

Yes, but not wrt. the old zlib site.

> > Java test suite? Assembler builds on VC6? Not applicable. 1.2.1.2 is
> > the version where all the nasties were fixed. Something may have been
> 
> You're wrong. We've been playing with the bug in zlib since March 2004
> and we have some knowledge which versions are fixed or not.
> 

OK, but there's nothing in the zlib ChangeLog about it. The bug fixes
for the potential DoS attacks were fixed in 1.2.1.2 for instance.

> > "The software doesn't have a brain" alright, but it would be a lot
> > more helpful if that warning actually stated what the possible problem
> > was. (CAN-2004-0797 for instance?)
> 
> It suggests visiting www.zlib.net and you didn't do it.
> 

No, the 3rd party SRPM has --disable-zlib-vcheck (to make it build on
Fedora Core 3 which has zlib 1.2.1.2) so I only got the warning which
didn't mention www.zlib.net. Not ClamAV's fault of course.

--
Tarjei

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
