go-zlib icon indicating copy to clipboard operation
go-zlib copied to clipboard
verified publisher icon 4kills

zlib update?

Open Neustradamus opened this issue 1 year ago • 1 comments

Dear @4kills,

Can you update your code with the current original zlib code?

  • https://github.com/madler/zlib
  • https://github.com/madler/zlib/releases
  • https://zlib.net/

Thanks in advance.

Neustradamus avatar Aug 22 '24 20:08 Neustradamus

This package uses the native zlib library installed on your system. What do you mean by update your code? Has the zlib API changed?

haveachin avatar Aug 28 '24 07:08 haveachin

No further information given and stale. Perhaps the OP used an old version of this project, before we switched to using the installed zlib version, or the zlib version on OP's system is outdated.

4kills avatar Nov 29 '24 14:11 4kills

CVEs are not impacted?

Neustradamus avatar Nov 29 '24 20:11 Neustradamus

Since CVE-2023-45853 was fixed with zlib release 1.3.1 there is no need for us to act. This library is just a wrapper around whatever version of zlib is installed on the user's system. If a user still has the compromised version 1.3.0 installed, there is nothing we can do by updating our wrapper. Thank you very much for bringing this to our attention though!

4kills avatar Dec 06 '24 15:12 4kills