git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit
xz: Apply patch to solve security fix (ZDI-CAN-16587)
author Adolf Belka <adolf.belka@ipfire.org>
Mon, 11 Apr 2022 13:40:00 +0000 (15:40 +0200)
committer Peter Müller <peter.mueller@ipfire.org>
Mon, 11 Apr 2022 19:02:31 +0000 (19:02 +0000)
commit bc82eb79b111eb2dbca250530e8a7171fb86e46c
tree de06e299ed2fa93cdaa3d328d744589bd5cff73b
parent f1b067357224363b138eb8e2b74822051adbc9ef
xz: Apply patch to solve security fix (ZDI-CAN-16587)

- Malicious filenames can make xzgrep write to arbitrary files
   or (with a GNU sed extension) lead to arbitrary code execution.
- xzgrep from XZ Utils versions up to and including 5.2.5 is
   affected. 5.3.1alpha and 5.3.2alpha are affected as well.
- This bug was inherited from gzip's zgrep. gzip 1.12 includes
   a fix for zgrep.
- CU167 has gzip-1.12 with the fix already merged.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
lfs/xz
src/patches/xzgrep-ZDI-CAN-16587.patch [new file with mode: 0644]