What's the status of the gzprintf() buffer-overrun bug? Is vsnprintf() now turned on by default on platforms that support it? The code in gzio.c _looks_ OK to me, but I'm not necessarily a security guru and may be overlooking something obvious. Is it supposed to be fixed now? Greg