Note zlib 1.2.3 is just out -- the zlib compression/decompression
http://www.zlib.net/
From the page:
Version 1.2.3 eliminates potential security vulnerabilities in zlib
1.2.1 and 1.2.2, so all users of those versions should upgrade
immediately. The following important fixes are provided in
zlib 1.2.3 over 1.2.1 and 1.2.2:
* Eliminate a potential security vulnerability when decoding
invalid compressed data
* Eliminate a potential security vulnerability when decoding
specially crafted compressed data
* Fix a bug when decompressing dynamic blocks with no distance codes
* Fix crc check bug in gzread() after gzungetc()
* Do not return an error when using gzread() on an empty file
I'd guess this belongs in 2.5, with a possible retrofit for 2.4.
--Scott David Daniels
[EMAIL PROTECTED]
_______________________________________________
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
