ra...@siliconet.pl wrote: > >On 29.01.2025 4:16 PM, Roberto C. Sánchez wrote: >> Yes, it still means that. The minizip binary package you are seeing >> comes from a different source package, also called minizip: >> >> https://packages.debian.org/source/bookworm/minizip > >Aha! Got it :-) > >And there are no binary components in Debian based on vulnerable zlib1g >library in bookworm? > >But I have to be aware of this if I want to build some package by myself >which depends on zlib1g, right?
Not at all. The bug is in minizip, an example/contrib program shipped in the zlib source package. It is not part of the library *in any way*. -- Steve McIntyre, Cambridge, UK. st...@einval.com Can't keep my eyes from the circling sky, Tongue-tied & twisted, Just an earth-bound misfit, I...
