[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[TSVN] Re: zlib security flaw?

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2005-07-09 22:20:35 CEST

Branko ╚ibej <brane@xbc.nu> writes:

> Yes, I found that patch after I posted the above, but the problem is
> that I don't understand it -- in other words, I've no ides if it's
> correct.

Debian appear to use the same patch:

$ interdiff zlib_1.2.2-4.diff zlib_1.2.2-4.sarge.1.diff
diff -u zlib-1.2.2/debian/changelog zlib-1.2.2/debian/changelog
--- zlib-1.2.2/debian/changelog
+++ zlib-1.2.2/debian/changelog
@@ -1,3 +1,9 @@
+zlib (1:1.2.2-4.sarge.1) stable-security; urgency=high
+
+ * [SECURITY] code set check in inftrees.c
+
+ -- Michael Stone <mstone@debian.org> Sat, 02 Jul 2005 22:26:52 -0400
+
 zlib (1:1.2.2-4) unstable; urgency=low
 
   * Run dh_installdeb before dh_shlibdeps (closes: #282882).
only in patch2:
unchanged:
--- zlib-1.2.2.orig/debian/patches/020-codeset-check
+++ zlib-1.2.2/debian/patches/020-codeset-check
@@ -0,0 +1,11 @@
+--- zlib-1.2.2.orig/inftrees.c 2004-09-15 15:30:06.000000000 +0100
++++ zlib-1.2.2/inftrees.c 2005-07-02 14:42:24.270321629 +0100
+@@ -134,7 +134,7 @@
+ left -= count[len];
+ if (left < 0) return -1; /* over-subscribed */
+ }
+- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++ if (left > 0 && (type == CODES || max != 1))
+ return -1; /* incomplete set */
+
+ /* generate offsets into symbol table for each length for sorting */

-- 
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Sat Jul 9 22:43:00 2005

This is an archived mail posted to the TortoiseSVN Dev mailing list.