Opened 3 months ago

Closed 3 months ago

#5419 closed enhancement (fixed)

zlib-1.3.1

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 12.1
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Xi Ruoyao, 3 months ago

  • Reject overflows of zip header fields in minizip.
  • Fix bug in inflateSync() for data held in bit buffer.
  • Add LIT_MEM define to use more memory for a small deflate speedup.
  • Fix decision on the emission of Zip64 end records in minizip.
  • Add bounds checking to ERR_MSG() macro, used by zError().
  • Neutralize zip file traversal attacks in miniunz.
  • Fix a bug in ZLIB_DEBUG compiles in check_match().

comment:2 by Xi Ruoyao, 3 months ago

Neutralize zip file traversal attacks in miniunz.

This looks like a security fix but we don't install miniunz. Not sure if other fixes have a security implication.

comment:3 by Bruce Dubbs, 3 months ago

Owner: changed from lfs-book to Bruce Dubbs
Status: new → assigned

comment:4 by Bruce Dubbs, 3 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commit cdf280e3:

    Update to openssl-3.2.1.
    Update to zlib-1.3.1.
    Update to xz-5.4.6.
    Update to linux-6.7.2.
    Update to iana-etc-20240125.
    Update to binutils-2.42.
    Update to acl-2.3.2.
    Update upstream fixes for readline-8.2.
    Apply upstream fix for bash-5.2.21.