Fwd: zlib 1.2.2 released

Matthias B. msbREMOVE-THIS at winterdrache.de
Wed Nov 3 08:15:00 PST 2004


On Wed, 03 Nov 2004 09:57:08 -0500 Jason Gurtz <jason at tommyk.com> wrote:

> > Where can I download zlib2 source?
> 
> There is no zlib2.  I was just kind of venting because zlib has had
> several vulnerabilities recently and is such a basic piece of software,
> used everywhere, even in commercial software.

And you think that a new library written from scratch would have fewer
vulnerabilities? I'm sorry to disappoint you, but you are mistaken. If you
have X man-hours to invest into security, you're better off spending them
on code audits for the old code than on writing completely new code.

MSB

-- 
God is real, unless declared integer.




More information about the lfs-security mailing list