[Pkg-crosswire-devel] zlib: Old convenience copy of zlib library inside SWORD?

Jonathan Morgan jonmmorgan at gmail.com
Sun Apr 19 12:56:25 BST 2009

On Sun, Apr 19, 2009 at 12:06 PM, Roberto C. Sánchez
<roberto at connexer.com> wrote:
> On Sat, Apr 18, 2009 at 06:56:42PM -0700, Jonathan Marsden wrote:
>> Looking around the SWORD source tree, I seem to have discovered a copy
>> of zlib 1.1.4 inside the SWORD library.
> The way I have handled this sort of thing in the past is to repack the
> upstream tarball to exclude the embedded package.
> You certainly don't want to be shipping a zlib that old, even if it is
> not being used, because it certainly has many outstanding security
> holes.

Agreed.  However, while I haven't touched it I have a feeling that I
have heard it is patched.  This should be brought up on sword-devel.


More information about the Pkg-crosswire-devel mailing list