On 3/31/22 16:13, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:05:
On 3/31/22 11:11, Mark Rotteveel wrote:
A security vulnerability was found in zlib:
https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/
Will we include an updated version in the next release?
On linux that's not our problem - we always use system libz.so.
On windows I think yes, we should upgrade version.
Note that the crash happen on compression so it doesn't affect
Firebird security.
Did not catch why - we use zlib compression on the wire (since fb3) and
in gbak (since fb4). Both cases are not default but anyway not good.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
