[Pkg-crosswire-devel] zlib: Old convenience copy of zlib library inside SWORD?
Roberto C. Sánchez
roberto at connexer.com
Sun Apr 19 03:06:13 BST 2009
On Sat, Apr 18, 2009 at 06:56:42PM -0700, Jonathan Marsden wrote:
> Looking around the SWORD source tree, I seem to have discovered a copy
> of zlib 1.1.4 inside the SWORD library.
>
The way I have handled this sort of thing in the past is to repack the
upstream tarball to exclude the embedded package.
You certainly don't want to be shipping a zlib that old, even if it is
not being used, because it certainly has many outstanding security
holes.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-crosswire-devel/attachments/20090418/fd07e8e9/attachment.sig>
More information about the Pkg-crosswire-devel
mailing list