Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 69988

Summary: zlib 1.2.1 has a security flaw
Product: Gentoo Linux Reporter: John Ratliff <webmaster>
Component: New packagesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical CC: mr_bones_, webmaster
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.zlib.net
Whiteboard:
Package list:
Runtime testing required: ---

Description John Ratliff 2004-11-03 15:41:11 UTC 
The main, official zlib site http://www.gzip.org/zlib/ lists 1.2.1 as the latest version, but in fact it should be 1.2.2 as is on www.zlib.net, the main mirror site.

zlib 1.2.2 is not in portage (or was not last I checked a couple days ago), even platform masked.

This response is from Mark Adler, co-author of zlib

On Nov 1, 2004, at 2:42 AM, jdratlif@indiana.edu wrote:
> I want to know if this is an official site and I should trust this, 
> because the official site seems to be gzip.org/zlib.

Yes, zlib.net is official, and 1.2.2 is the latest version.  
Unfortunately, we have not been able to get in touch with Jean-loup to update the gzip.org site.

mark
Comment 1 SpanKY gentoo-dev 2004-11-03 16:09:08 UTC 

*** This bug has been marked as a duplicate of 69920 ***
Comment 2 John Ratliff 2004-11-03 18:08:57 UTC 
Sorry about the dulpicate. I only searched open bugs and I guess it was still closed at the time. I'll make sure to search better next time.