-
zlib (1:1.2.11.dfsg-0ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2022-37434-1.patch: in inflate.c, add an extra
condition to check if state->head->extra_max is greater than len
before copying, and move the len assignment to be placed before the
check.
- debian/patches/CVE-2022-37434-2.patch: in the previous patch, in
inflate.c, the place of the len assignment was causing issues so it
was moved to be placed within the check.
- CVE-2022-37434
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 16 Aug 2022 19:08:38 -0300
-
zlib (1:1.2.11.dfsg-0ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption when deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in deflate.c, deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Sat, 26 Mar 2022 14:21:23 -0400
-
zlib (1:1.2.11.dfsg-0ubuntu2) artful; urgency=medium
* Add upstream patch to fix deflateParams().
Upstream commit: f9694097dd69354b03cb8af959094c7f260db0a1
LP: #1692870
* Drop empty patch debian/patches/use-dso
-- Jean-Louis Dupond <email address hidden> Tue, 23 May 2017 13:32:29 +0200
