]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
gzip: fix CVE-2022-1271
authorRalph Siemsen <ralph.siemsen@linaro.org>
Sat, 9 Apr 2022 02:17:23 +0000 (22:17 -0400)
committerSteve Sakoman <steve@sakoman.com>
Mon, 11 Apr 2022 14:08:00 +0000 (04:08 -1000)
commitb7f0696bc60409af215549d26621526c1a93a002
tree7f0deae5c9e072028f755a859d99f69bc099d6ac
parent1c68d33f4742df9bcec7d1032dab61d676f86371
gzip: fix CVE-2022-1271

zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.

Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c]
CVE: CVE-2022-1271

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch [new file with mode: 0644]
meta/recipes-extended/gzip/gzip_1.10.bb