Mailing List Archive


Re: [tlug] zlib bug



>>>>> "Christopher" == Christopher SEKIYA <wileyc@example.com> writes:

    Pietro> Let's see at
    Pietro> http://www.cert.org/advisories/CA-2002-07.html

    Christopher> Known problem, fixed in new zlib release, only bad if
    Christopher> one's free() implementation segfaults when
    Christopher> double-freeing (good design choice, Doug Lea).

It definitely was quickly fixed in the new zlib release, but there are
hundreds if not thousands of software products that took the zlib
source and made it part of their program directly, without linking
against a dynamic library.  These cannot be fixed with a new
upstream release, and we all know how long it takes commercial
products to fix security flaws of this sort.

Try grepping a few Windows programs for common zlib symbol names
sometime.

Ben

-- 
Brought to you by the letters G and P and the number 7.
"To Perl, or not to Perl, that is the kvetching."
Debian GNU/Linux maintainer of Gimp and Nethack -- http://www.debian.org/
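
The check suggested in the message above, as an added example that is not part of the original post: a Python scan of binaries for zlib's public function names, extended to also match the version banner strings that zlib compiles into its deflate and inflate code. The fixed version is not stated in the thread, so it is passed in by the caller (take it from the advisory); the sample bytes and their version numbers are constructed.

```python
import re
import sys

# Version banners compiled into zlib's deflate and inflate code. They survive
# symbol stripping, so they expose copies built directly into a program.
BANNER = re.compile(rb"(deflate|inflate) (\d+(?:\.\d+)+)\S* Copyright")
# A few of zlib's public function names (the "symbol names" to grep for).
SYMBOLS = (b"inflateInit_", b"inflateInit2_", b"deflateInit_",
           b"inflateEnd", b"deflateEnd", b"zlibVersion")


def parse_version(text):
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def scan_blob(data, fixed_version):
    """Classify one binary image; fixed_version is supplied by the caller."""
    versions = sorted({m.group(2).decode() for m in BANNER.finditer(data)},
                      key=parse_version)
    symbols = [s.decode() for s in SYMBOLS if s in data]
    if versions:
        old = [v for v in versions
               if parse_version(v) < parse_version(fixed_version)]
        verdict = "embedded-old" if old else "embedded-current"
    elif symbols:
        # Names without a banner can also be an import table entry for a
        # shared zlib, so the version is unknown and needs manual review.
        verdict = "zlib-symbols-only"
    else:
        verdict = "no-zlib-found"
    return {"versions": versions, "symbols": symbols, "verdict": verdict}


# Constructed sample: a fake executable header followed by a banner and one
# symbol name. The version number 9.9.1 is made up for the example.
SAMPLE_OLD = (b"MZ\x90\x00 deflate 9.9.1 Copyright 1995-1998 Jean-loup Gailly "
              b"\x00inflateInit_\x00")

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: zlibscan.py FIXED_VERSION FILE...")
    for path in sys.argv[2:]:
        with open(path, "rb") as handle:
            result = scan_blob(handle.read(), sys.argv[1])
        print(path, result["verdict"],
              ",".join(result["versions"] + result["symbols"]))
```

A banner match inside a program that is not the zlib library itself is the signal for a bundled copy, which only that program's vendor can update.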

