vulnerable zlib in testing?

Jeremy Utley jeremy at jutley.org
Sun Sep 12 04:34:27 PDT 2004


On Sun, September 12, 2004 4:01 am, Nico R. said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Laurens Blankers wrote:
>
>> Laurens Blankers wrote:
>>> The zlib used in testing (and unstable) is vulnerable to a denial of
>>> service attack.
>>
>> I still think that this is a problem, but noone else seems to think
>> so.
>
> Sure, I do. I suggest you file a bug for this in Bugzilla so that it
> doesn't get forgotten and mark it with severity "Critical" or higher.

Until a patch is available to resolve the problem in zlib, there's not a
whole lot we can do.  I see lots of references to the problem searching
the web, but no patch, and no new version of zlib to resolve this.  If you
have information regarding where the patch to resolve this is, please let
us know.  Otherwise, there's not a whole lot we can do.

-J-




More information about the lfs-dev mailing list