Reference to a security vulnerability

On the page (link below) there is reference to a possible security vulnerability if the default value for Root.ZipMode: were set to 0 in the .rootrc file. Where can I find additional information on this? … hrev=20130
# Select the compression algorithm (0=old zlib, 1=new zlib)
# Note, setting this to `0’ may be a security vulnerability.
Root.ZipMode: 1

Stan Forrester



For more Google “zlib cert”, it advices to update to 1.2.3 which we are using.

You can also search on zlib on the following link to turn up a description and example exploits:


Thank you