* David Shaw: > The bundled zlib is GnuPG is 1.1.4. To my understanding, it is not > vulnerable. The problem is only on zlib 1.2 and later. Thanks for looking into this. I should have checked the version of the included copy; sorry for the noise.