On Fri, 5 Aug 2022 at 11:48, Ed Maste <[email protected]> wrote: > > On Fri, 5 Aug 2022 at 09:34, Ed Maste <[email protected]> wrote: > > > > The branch main has been updated by emaste: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > > > commit dc3509f1aafcd966f3dd9226115cf94b691ff3c7 > > Author: Mark Adler <[email protected]> > > AuthorDate: 2022-07-30 22:51:11 +0000 > > Commit: Ed Maste <[email protected]> > > CommitDate: 2022-08-05 02:30:20 +0000 > > > > zlib: Fix a bug when getting a gzip header extra field with inflate(). > > For reference, this is CVE-2022-37434. Code to demonstrate the flaw is > available at https://github.com/ivd38/zlib_overflow > Found by "EL of @intevydis"
And there's an issue reported with the change, details at https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 I'll MFC this once this is sorted out and fixed in main.
