Non-Official packages (was Re: Good morning from a newbie)

Tushar Teredesai tushar at
Tue Jan 14 21:27:58 PST 2003

Tushar Teredesai wrote:

> Not putting in a request, another non-official release that could be 
> considered: gzip-1.3.3. The latest version on is 1.3.5, 
> but most distros are using 1.3.3.


    /gzip/ 1.2.4 may crash when an input file name is too long (over
    1020 characters). The buffer overflow may be exploited if /gzip/ is
    run by a server such as an ftp server. Some ftp servers allow
    compression and decompression on the fly and are thus vulnerable.
    See technical details here <>.
    This patch <> to gzip 1.2.4
    fixes the problem. The beta version 1.3.3
    <> already includes a
    sufficient patch; use this version if you have to handle files
    larger than 2 GB. A new official version of /gzip/ will be released

Tushar Teredesai

Unsubscribe: send email to listar at
and put 'unsubscribe lfs-dev' in the subject header of the message

More information about the lfs-dev mailing list