Date: Mon, 8 Aug 2022 12:01:21 -0400 From: Ed Maste <emaste@freebsd.org> To: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: dc3509f1aafc - main - zlib: Fix a bug when getting a gzip header extra field with inflate(). Message-ID: <CAPyFy2DSQdpBDNEVb=cOCcVY-ks%2BicD9Y%2BG0Hhx8jshxk%2B1pYQ@mail.gmail.com> In-Reply-To: <CAPyFy2C3CtZpXdrpQAjOej5wZsYbmOg%2BHppUVpgiw5rBJRo-HA@mail.gmail.com> References: <202208051334.275DYXuH084110@gitrepo.freebsd.org> <CAPyFy2C3CtZpXdrpQAjOej5wZsYbmOg%2BHppUVpgiw5rBJRo-HA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 5 Aug 2022 at 11:48, Ed Maste <emaste@freebsd.org> wrote: > > On Fri, 5 Aug 2022 at 09:34, Ed Maste <emaste@freebsd.org> wrote: > > > > The branch main has been updated by emaste: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > > > commit dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > Author: Mark Adler <fork@madler.net> > > AuthorDate: 2022-07-30 22:51:11 +0000 > > Commit: Ed Maste <emaste@FreeBSD.org> > > CommitDate: 2022-08-05 02:30:20 +0000 > > > > zlib: Fix a bug when getting a gzip header extra field with inflate(). > > For reference, this is CVE-2022-37434. Code to demonstrate the flaw is > available at https://github.com/ivd38/zlib_overflow > Found by "EL of @intevydis" And there's an issue reported with the change, details at https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 I'll MFC this once this is sorted out and fixed in main.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2DSQdpBDNEVb=cOCcVY-ks%2BicD9Y%2BG0Hhx8jshxk%2B1pYQ>