[Zlib-devel] zlib 1.2.3.1 released for testing
Glenn Randers-Pehrson
glennrp at comcast.net
Mon Sep 18 07:09:47 EDT 2006
At 10:09 PM 9/17/2006 -0700, Greg Roelofs wrote:
>> 1.1.x would have to be 1.1.4 to avoid a security vulnerability in
>> 1.1.3 and earlier.
>
>Yup. I couldn't remember if 1.1.4 had any known issues of its own,
>though.
It does not detect "too far back" errors. Maybe that is harmless,
but the solution Mark proposes for 1.2.3.x (substitute zeroes for
the out-of-bounds memory accesses) is better, I think.
Glenn
More information about the Zlib-devel
mailing list