vulnerable zlib in testing?
Kevin P. Fleming
kpfleming at linuxfromscratch.org
Sun Sep 12 09:17:04 PDT 2004
Matthew Burgess wrote:
> In addition, it would appear as if the linux kernel has an in-tree copy
> of zlib-1.1.3 (see linux-22.214.171.124/lib/zlib_inflate/inftrees.c). Unless
> that version has a fix for
> http://www.gzip.org/zlib/advisory-2002-03-11.txt, then whatever kernel
> features need it would presumably be susceptible to that vulnerability
That fix was slipstreamed into the kernel version, without upgrading it
to 1.1.4. I don't remember the exact reason why they chose that path,
but I do remember it happened.
More information about the lfs-dev