[Python-Dev] zlib 1.2.3 is just out

Scott David Daniels Scott.Daniels at Acm.Org
Sat Jul 23 13:33:42 CEST 2005


Note zlib 1.2.3 is just out -- the zlib compression/decompression

     http://www.zlib.net/

 From the page:
     Version 1.2.3 eliminates potential security vulnerabilities in zlib
     1.2.1 and 1.2.2, so all users of those versions should upgrade
     immediately. The following important fixes are provided in
     zlib 1.2.3 over 1.2.1 and 1.2.2:

     * Eliminate a potential security vulnerability when decoding
       invalid compressed data
     * Eliminate a potential security vulnerability when decoding
       specially crafted compressed data
     * Fix a bug when decompressing dynamic blocks with no distance codes
     * Fix crc check bug in gzread() after gzungetc()
     * Do not return an error when using gzread() on an empty file

I'd guess this belongs in 2.5, with a possible retrofit for 2.4.

--Scott David Daniels
Scott.Daniels at Acm.Org



More information about the Python-Dev mailing list