[mew-int 01365] zlib 1.1.4 vulnerability
Kazu Yamamoto ( 山本和彦 )
kazu at example.com
Tue Apr 1 16:59:52 JST 2003
Hello,
As you may know a security hole have been found in zlib 1.1.4:
http://www.securityfocus.com/bid/6913
Since bin/mewencode is linked with the zlib, I investigate this.
Because mewencode does NOT use gzprintf(), I believe mewencode is NOT
vulnerable.
Of course, upgrading of zlib is a good thing, anyway, though zlib
1.1.5 is not available at this moment.
--Kazu
More information about the Mew-int
mailing list