[PATCH] zlib: Port fix for CVE-2018-25032 to U-Boot

Tom Rini trini at konsulko.com
Tue Jun 7 18:46:08 CEST 2022


On Tue, May 10, 2022 at 02:36:59PM -0400, Tom Rini wrote:

> While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
> deflatePrime() to insert bits in the middle of a stream.") we do have
> Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
> ("Fix a bug that can crash deflate on some input when using Z_FIXED.")
> apply here directly and cleanly.  As this has been assigned a CVE, let's
> go and apply these changes.
> 
> Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
> Reported-by: "Gan, Yau Wai" <yau.wai.gan at intel.com>
> Signed-off-by: Tom Rini <trini at konsulko.com>

Applied to u-boot/next, thanks!

-- 
Tom