Sorry to post here but I've received no response on the php-general list. I posted the following to that list a couple days ago and I was wondering if anyone on this list can help me. Thank you for your time.....Lenny
I've tried to search the archives/bug reports/faq's and didn't find any definitive answers on the zlib Double Free Bug CERT's Advisory CA-2002-07 issue. Even though I didn't compile php with the --with-zlib option when I run strings against the php library I still see zlib information. For example: > strings libphp4.a | grep -i zlib Request error: class file/memory mismatch Zlib So Zlib is still in the libphp4.a library. So does this mean that I could possibly still be vulnerable to the zlib Double Free Bug? Also, if I DO need to compile php with the --with-zlib option I assume I will also need to give it the --with-zlib-dir option. I assume if that zlib install directory does NOT have the bug, then I would be safe from it. I'm asking since I know there's the ext/zlib directory under the php source directory (well at least php v4.0.6) and I'm not sure if the bug exists somewhere in those files. Thanks for any help you can give me on those 2 questions. Please mail me directly since I'm not on this list. Thanks for your time and help, Lenny Miceli -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
