[Python-Dev] zlib 1.2.3 is just out
Scott David Daniels
Scott.Daniels at Acm.Org
Sat Jul 23 13:33:42 CEST 2005
Note zlib 1.2.3 is just out -- the zlib compression/decompression
http://www.zlib.net/
From the page:
Version 1.2.3 eliminates potential security vulnerabilities in zlib
1.2.1 and 1.2.2, so all users of those versions should upgrade
immediately. The following important fixes are provided in
zlib 1.2.3 over 1.2.1 and 1.2.2:
* Eliminate a potential security vulnerability when decoding
invalid compressed data
* Eliminate a potential security vulnerability when decoding
specially crafted compressed data
* Fix a bug when decompressing dynamic blocks with no distance codes
* Fix crc check bug in gzread() after gzungetc()
* Do not return an error when using gzread() on an empty file
I'd guess this belongs in 2.5, with a possible retrofit for 2.4.
--Scott David Daniels
Scott.Daniels at Acm.Org
More information about the Python-Dev
mailing list