Fwd: zlib 1.2.2 released

Matthias B. msbREMOVE-THIS at winterdrache.de
Wed Nov 3 08:15:00 PST 2004

On Wed, 03 Nov 2004 09:57:08 -0500 Jason Gurtz <jason at tommyk.com> wrote:

> > Where can I download zlib2 source?
> There is no zlib2.  I was just kind of venting because zlib has had
> several vulnerabilities recently and is such a basic piece of software,
> used everywhere, even in commercial software.

And you think that a new library written from scratch would have fewer
vulnerabilities? I'm sorry to disappoint you, but you are mistaken. If you
have X man-hours to invest into security, you're better off spending them
on code audits for the old code than on writing completely new code.


God is real, unless declared integer.

More information about the lfs-security mailing list