authorJim Meyering <meyering@fb.com>2022-04-07 18:54:23 -0700
committerJim Meyering <meyering@fb.com>2022-04-07 18:54:23 -0700
commit83c65d124deba617ec0f5af9f2002b289ac18ba7 (patch)
tree88d4379bcc2577683f8b44096748c8d606488338
parent938c4f50a8abfa1695d71e361c9bfd1d835663ef (diff)
downloadgzip-83c65d124deba617ec0f5af9f2002b289ac18ba7.tar.gz
maint: reference CVE-2022-1271 in 1.12's NEWS
* NEWS: Reference newly-assigned CVE number. * cfg.mk (old_NEWS_hash)
-rw-r--r--NEWS1
-rw-r--r--cfg.mk2
2 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 837a592..1074c66 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,7 @@ GNU gzip NEWS -*- outline -*-
zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
+ This addresses CVE-2022-1271, ZDI-CAN-16587.
[bug introduced in gzip-1.3.10]
zgrep now names input file on error instead of mislabeling it as
diff --git a/cfg.mk b/cfg.mk
index 74f094b..2f00e77 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -40,7 +40,7 @@ bootstrap-tools = autoconf,automake,gnulib
# Now that we have better tests, make this the default.
export VERBOSE = yes
-old_NEWS_hash = d66a67b9fd262869540fcc57b9c94e64
+old_NEWS_hash = 053f232e511b9a95079de114760117a7
sc_obs_header_regex = \
\<(STDC_HEADERS|HAVE_(LIMITS|STRING|UNISTD|STDLIB)_H)\>