vulnerable zlib in testing?

Matthew Burgess matthew at
Sun Sep 12 09:12:54 PDT 2004

On Sun, 12 Sep 2004 08:00:11 -0700
"Kevin P. Fleming" <kpfleming at> wrote:

> Matthew Burgess wrote:
> > I'll leave that for future discussion.  I don't see why we can't do
> > this
> > - other than needing a script that will tell us that kind of
> > information of course.
> The find-zlib script seems to work fine. The only items I found in a 
> standard LFS install that have zlib in them are:
> /lib/ (duh <G>)
> /sbin/modprobe, /sbin/depmod, /sbin/modinfo (from module-init-tools)
> /usr/bin/cvs (which has embedded zlib 1.1.4, which is even worse)

In addition, it would appear as if the linux kernel has an in-tree copy
of zlib-1.1.3 (see linux-  Unless
that version has a fix for, then whatever kernel
features need it would presumably be susceptible to that vulnerability


More information about the lfs-dev mailing list