Opened 11 months ago
Closed 11 months ago
#5419 closed enhancement (fixed)
zlib-1.3.1
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | normal | Milestone: | 12.1 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (4)
comment:1 by , 11 months ago
- Reject overflows of zip header fields in minizip.
- Fix bug in inflateSync() for data held in bit buffer.
- Add LIT_MEM define to use more memory for a small deflate speedup.
- Fix decision on the emission of Zip64 end records in minizip.
- Add bounds checking to ERR_MSG() macro, used by zError().
- Neutralize zip file traversal attacks in miniunz.
- Fix a bug in ZLIB_DEBUG compiles in check_match().
comment:2 by , 11 months ago
Neutralize zip file traversal attacks in miniunz.
This looks like a security fix but we don't install miniunz. Not sure if other fixes have a security implication.
comment:3 by , 11 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 11 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at commit cdf280e3:
Update to openssl-3.2.1. Update to zlib-1.3.1. Update to xz-5.4.6. Update to linux-6.7.2. Update to iana-etc-20240125. Update to binutils-2.42. Update to acl-2.3.2. Update upstream fixes for readline-8.2. Apply upstream fix for bash-5.2.21.
Note:
See TracTickets
for help on using tickets.