[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [TSVN] zlib security flaw?

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2005-07-07 19:01:02 CEST

SteveKing <steveking@gmx.ch> wrote on 07/07/2005 12:51:18 PM:

> Mark Phippard wrote:
> > Does anyone know any details about this?
> >
> >
http://www.eweek.com/article2/0,1759,1834632,00.asp?kc=EWRSS03119TX1K0000594
> >
> > The article was posted last night and is on their front page. However,

> > the problem sounds exactly like the problem fixed in zlib 1.2.2. Did
> > eWeek just pick up an old story or is there a new bug? I do not see a
new
> > version of zlib, but the article does say that the fix is not posted
yet.
> >
> > Since new Windows binaries will soon be posted, as well as a new
version
> > of TortoiseSVN, we should probably clear this up so that if there is a
fix
> > it is included.
>
> Are you sure they will be posted soon? It took about half a year for the

> 1.2.2 version to appear on the official website (it was available
> earlier from the developers site, but not from the official site).
> Also, we don't use the binaries but the sourcecode.

I do not know anything that is not in the articles I posted. I was basing
my comment on this passage at the end:

Activity at the Zlib development site has been sparse for some time, and
the main developers seem to have moved on to other projects. We received
no response to our attempts to contact the developers in time for this
story.

However, Ormandy said, "Zlib is very mature and stable, so development is
sporadic, but it's certainly not dead. Mark Adler [a Zlib co-author]
responded to my report with a patch and an in-depth investigation and
explanation within 24 hours, and I believe he expects to release a new
version of Zlib very soon."

Mark

_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Jul 7 19:01:30 2005

This is an archived mail posted to the TortoiseSVN Dev mailing list.