bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

zlib/libz security problem in cvs?


From: Adrian Pepper
Subject: zlib/libz security problem in cvs?
Date: Tue, 26 Mar 2002 17:51:31 -0500 (EST)

I see older versions of cvs tended to come with their own source
for a now-known-to-be-buggy version of zlib.  (i.e. a security
risk).

Even the (older) cvs-1.11 I do have (though not fully deployed) uses an
included zlib apparent version 1.0.4 c1996.

Do newer versions (or perhaps even older versions) look for a
common and/or shared zlib/libz ?

Does anyone know about the forward compatiblity of zlib/libz
routines?  Would I be able to simply replace the use of
../zlib/libz.a with my own static or shared version and rebuild?
Would I need to be careful to also use the zlib.h file corresponding to
the newer one, or have all changes been internal and not to the
external subroutine interface as used by cvs?  (This might help
avoid me "changing versions of cvs mid-term").

Oh yes, as I was looking back through my mailbox for the email
address, it sure looked like the signal-to-noise (spam) ratio on
this list is getting absurd.


Adrian Pepper
Math Faculty Computing Facility, University of Waterloo, Ontario, Canada
address@hidden



reply via email to

[Prev in Thread] Current Thread [Next in Thread]