[PATCH 0/4] zlib: Address CVE-2016-9841

Tom Rini trini at konsulko.com
Thu Mar 28 21:02:03 CET 2024


On Wed, Mar 27, 2024 at 03:14:49PM +0100, Michal Simek wrote:
> Hi,
> 
> it looks like that only CVE-2016-9841 is not fixed and this series is
> trying to address it. The first two patches are just preparation based on
> changes which happened in past. The third one is actual fix and the last
> one is following what has been done in Linux kernel long time ago and don't
> use incorrect zlib version string.
> 
> I tested it with and I can't see any issue.
> ./test/py/test.py --bd sandbox --build -s
> 
> And gitlab CI is also not showing any issue.

Thanks for taking this on. I've given it a quick spin on some Pi
platforms as well as before/after and I see that it's also reducing the
overall binary size everywhere as well.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240328/2f3c115d/attachment.sig>


More information about the U-Boot mailing list