[Pkg-crosswire-devel] zlib: Old convenience copy of zlib library inside SWORD?
Jonathan Morgan
jonmmorgan at gmail.com
Sun Apr 19 12:56:25 BST 2009
On Sun, Apr 19, 2009 at 12:06 PM, Roberto C. Sánchez
<roberto at connexer.com> wrote:
> On Sat, Apr 18, 2009 at 06:56:42PM -0700, Jonathan Marsden wrote:
>> Looking around the SWORD source tree, I seem to have discovered a copy
>> of zlib 1.1.4 inside the SWORD library.
>>
> The way I have handled this sort of thing in the past is to repack the
> upstream tarball to exclude the embedded package.
>
> You certainly don't want to be shipping a zlib that old, even if it is
> not being used, because it certainly has many outstanding security
> holes.
Agreed. However, while I haven't touched it I have a feeling that I
have heard it is patched. This should be brought up on sword-devel.
Jon
More information about the Pkg-crosswire-devel
mailing list