Opened 22 months ago
Closed 22 months ago
#5419 closed enhancement (fixed)
zlib-1.3.1
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New point version.
Change History (4)
comment:1 by , 22 months ago
- Reject overflows of zip header fields in minizip.
- Fix bug in inflateSync() for data held in bit buffer.
- Add LIT_MEM define to use more memory for a small deflate speedup.
- Fix decision on the emission of Zip64 end records in minizip.
- Add bounds checking to ERR_MSG() macro, used by zError().
- Neutralize zip file traversal attacks in miniunz.
- Fix a bug in ZLIB_DEBUG compiles in check_match().
comment:2 by , 22 months ago
Neutralize zip file traversal attacks in miniunz.
This looks like a security fix but we don't install miniunz. Not sure if other fixes have a security implication.
comment:3 by , 22 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 22 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commit cdf280e3:
Update to openssl-3.2.1.
Update to zlib-1.3.1.
Update to xz-5.4.6.
Update to linux-6.7.2.
Update to iana-etc-20240125.
Update to binutils-2.42.
Update to acl-2.3.2.
Update upstream fixes for readline-8.2.
Apply upstream fix for bash-5.2.21.
