Change Details

The version used in GnuPG is 1.2.8

There are two directories where the library is included: APPDIR/GnuPG/bin/Zlib1.dll (version of Zlib is here 1.2.8) APPDIR/Gpg4win/bin/Zlib1.dll (version of Zlib is here 1.2.11) For version 1.2.8 two CVEs are known: CVE-2016-9842 (CVSS 8.8) and CVE-2016-9841 (CVSS 9.8). Accordingly to @aheinecke the use of Zlib is strongly limited, so these CVEs are not relevant for GnuPG.

The version used in GnuPGThere are two directories where the library is 1.2.8included: APPDIR/GnuPG/bin/Zlib1.dll (version of Zlib is here 1.2.8) APPDIR/Gpg4win/bin/Zlib1.dll (version of Zlib is here 1.2.11) For version 1.2.8 two CVEs are known: CVE-2016-9842 (CVSS 8.8) and CVE-2016-9841 (CVSS 9.8). Accordingly to @aheinecke the use of Zlib is strongly limited, so these CVEs are not relevant for GnuPG.