On Wed, Apr 12, 2006 at 10:18:08AM +0100, Alex Zbyslaw wrote: > Ted Mittelstaedt wrote: > > >Alex, you would lose that bet, zlib 1.2.2 has a hole in it, it > >should have been replaced with 1.2.3 See the zlib website > >for more info. > > > >Nospam, good catch, if none of the hip-shooters here file a PR I'll > >get around to it the next time I get a running build off the > >cvs. > > > > > Sorry, I remain unconvinced. Follow the bug links on the zlib home page > and both contain "References" like this: > > > > >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc > >https://rhn.redhat.com/errata/RHSA-2005-569.html > >http://secunia.com/advisories/15949/ > > So unless the fixes somehow were un-made for 6.1, zlib is not > vulnerable, regardless of whether the version number is 1.2.2 or 1.2.3.
Yes, Ted is wrong. Kris
pgp0zmAEV3IIN.pgp
Description: PGP signature
