Re: git: dc3509f1aafc - main - zlib: Fix a bug when getting a gzip header extra field with inflate().
Date: Mon, 08 Aug 2022 16:01:21 UTC
On Fri, 5 Aug 2022 at 11:48, Ed Maste <emaste@freebsd.org> wrote: > > On Fri, 5 Aug 2022 at 09:34, Ed Maste <emaste@freebsd.org> wrote: > > > > The branch main has been updated by emaste: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > > > commit dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > Author: Mark Adler <fork@madler.net> > > AuthorDate: 2022-07-30 22:51:11 +0000 > > Commit: Ed Maste <emaste@FreeBSD.org> > > CommitDate: 2022-08-05 02:30:20 +0000 > > > > zlib: Fix a bug when getting a gzip header extra field with inflate(). > > For reference, this is CVE-2022-37434. Code to demonstrate the flaw is > available at https://github.com/ivd38/zlib_overflow > Found by "EL of @intevydis" And there's an issue reported with the change, details at https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 I'll MFC this once this is sorted out and fixed in main.