Since no one else replied, I went ahead and investigated this myself.
Current CVS seemed to contain version 1.1.3 of the zlib library.

The page:

seems to indicate that version 1.1.3 IS vulnerable.

I have gone ahead, and incorporated the 1.1.4 versions of the relevant files
in my tree and created a patch.  It still compiles on my box, but I have
done 0 testing.  I'm not even sure where the zlib compression is used in the

Attached is the relevant patch.

I would recommend someone package a new release, and indicate possible
security issues with older versions on the web site.

Marty Schoch

On 3/12/02 3:48 PM, "Marty Schoch" <[EMAIL PROTECTED]> wrote:

> The RedHat Security Advisory RHSA-2002:027-22 mentions updated
> freeamp-2.0.8 rpms for various RedHat Powertools distributions due to
> statically linked zlib vulnerabilities.  Would someone care to comment on
> any implications for the current 2.1 releases and/or CVS trees?
> Marty Schoch

Attachment: zlib.patch
Description: Binary data
