[PATCH 0/4] zlib: Address CVE-2016-9841
Michal Simek
michal.simek at amd.com
Wed Mar 27 15:14:49 CET 2024
Hi,
it looks like that only CVE-2016-9841 is not fixed and this series is
trying to address it. The first two patches are just preparation based on
changes which happened in past. The third one is actual fix and the last
one is following what has been done in Linux kernel long time ago and don't
use incorrect zlib version string.
I tested it with and I can't see any issue.
./test/py/test.py --bd sandbox --build -s
And gitlab CI is also not showing any issue.
Thanks,
Michal
Michal Simek (4):
zlib: Rename this variable to here (current decoding table entry)
zlib: Rename write variable to wnext (window write index)
zlib: Port fix for CVE-2016-9841 to U-Boot
zlib: Remove incorrect ZLIB_VERSION
include/u-boot/zlib.h | 16 ++--
lib/gzip.c | 2 +-
lib/zlib/deflate.c | 13 +---
lib/zlib/inffast.c | 176 ++++++++++++++++--------------------------
lib/zlib/inflate.c | 31 ++++----
lib/zlib/inflate.h | 2 +-
lib/zlib/zutil.c | 1 -
7 files changed, 90 insertions(+), 151 deletions(-)
--
2.44.0
More information about the U-Boot
mailing list