diff options
author | Jim Meyering <meyering@fb.com> | 2022-04-07 18:54:23 -0700 |
---|---|---|
committer | Jim Meyering <meyering@fb.com> | 2022-04-07 18:54:23 -0700 |
commit | 83c65d124deba617ec0f5af9f2002b289ac18ba7 (patch) | |
tree | 88d4379bcc2577683f8b44096748c8d606488338 | |
parent | 938c4f50a8abfa1695d71e361c9bfd1d835663ef (diff) | |
download | gzip-83c65d124deba617ec0f5af9f2002b289ac18ba7.tar.gz |
maint: reference CVE-2022-1271 in 1.12's NEWS
* NEWS: Reference newly-assigned CVE number.
* cfg.mk (old_NEWS_hash)
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | cfg.mk | 2 |
2 files changed, 2 insertions, 1 deletions
@@ -21,6 +21,7 @@ GNU gzip NEWS -*- outline -*- zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. + This addresses CVE-2022-1271, ZDI-CAN-16587. [bug introduced in gzip-1.3.10] zgrep now names input file on error instead of mislabeling it as @@ -40,7 +40,7 @@ bootstrap-tools = autoconf,automake,gnulib # Now that we have better tests, make this the default. export VERBOSE = yes -old_NEWS_hash = d66a67b9fd262869540fcc57b9c94e64 +old_NEWS_hash = 053f232e511b9a95079de114760117a7 sc_obs_header_regex = \ \<(STDC_HEADERS|HAVE_(LIMITS|STRING|UNISTD|STDLIB)_H)\> |