Is Antibot shipping with security vulnerabilities?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

lb, good catch and apologies for the late reply. we did some digging on this one and we do not actually use 1.2.2, but we do ship with it. we link to 1.2.3 in the product, which as you mention, is the more current version w/o the vulns in questions. 1.2.2 was simply not removed when it should have been.

 

--dave

Thanks!

 

I am not entirely clear about your answer.

 

1- If you ship it but don't use it, then it is safe to delete zlib1.dll, correct?

2- What do you mean by "we link to 1.2.3 in the product"? Do you mean that Antibot uses 1.2.3 but someone forgot to remove 1.2.2 from the package?

 

Actually, Secunia PSI did all the work for me; the catch is theirs. Great piece of software, you should install it on your home computer. :-)

LB, it's number 2: we use 1.2.3 but someone essentially forgot to remove 1.2.2 from the codebase. so it's essentially harmless, but we've got a little tidying up to do.

 

--dave