Non-Official packages (was Re: Good morning from a newbie)

Timothy Bauscher timothy at
Tue Jan 14 21:53:35 PST 2003

On Tue, Jan 14, 2003 at 11:27:58PM -0600, Tushar Teredesai wrote:
> From
>    /gzip/ 1.2.4 may crash when an input file name is too long (over
>    1020 characters). The buffer overflow may be exploited if /gzip/ is
>    run by a server such as an ftp server. Some ftp servers allow
>    compression and decompression on the fly and are thus vulnerable.
>    See technical details here <>.
>    This patch <> to gzip 1.2.4
>    fixes the problem. The beta version 1.3.3
>    <> already includes a
>    sufficient patch; use this version if you have to handle files
>    larger than 2 GB. A new official version of /gzip/ will be released
>    soon.

IIRC, the gzip patch in the book fixes some of the above


-*- "Share and Enjoy" || "Go stick your head in a pig" -*-
Unsubscribe: send email to listar at
and put 'unsubscribe lfs-dev' in the subject header of the message

More information about the lfs-dev mailing list