[PATCH 0/4] zlib: Address CVE-2016-9841

Michal Simek michal.simek at amd.com
Wed Mar 27 15:14:49 CET 2024


Hi,

It looks like only CVE-2016-9841 is not fixed, and this series is
trying to address it. The first two patches are just preparation based on
changes which happened in the past. The third one is the actual fix, and the
last one follows what was done in the Linux kernel a long time ago and
doesn't use the incorrect zlib version string.

I tested it with the command below and I can't see any issue:
./test/py/test.py --bd sandbox --build -s

And GitLab CI is also not showing any issue.

Thanks,
Michal


Michal Simek (4):
  zlib: Rename this variable to here (current decoding table entry)
  zlib: Rename write variable to wnext (window write index)
  zlib: Port fix for CVE-2016-9841 to U-Boot
  zlib: Remove incorrect ZLIB_VERSION

 include/u-boot/zlib.h |  16 ++--
 lib/gzip.c            |   2 +-
 lib/zlib/deflate.c    |  13 +---
 lib/zlib/inffast.c    | 176 ++++++++++++++++--------------------------
 lib/zlib/inflate.c    |  31 ++++----
 lib/zlib/inflate.h    |   2 +-
 lib/zlib/zutil.c      |   1 -
 7 files changed, 90 insertions(+), 151 deletions(-)

-- 
2.44.0


