author | Jim Meyering <meyering@fb.com> | 2022-04-04 23:52:49 -0700 |
---|---|---|
committer | Jim Meyering <meyering@fb.com> | 2022-04-07 09:28:24 -0700 |
commit | d74a30d45c6834c8e9f87115197370fe86656d81 (patch) | |
tree | 73dd415c989912a0bc9299e1441eba98ad07c846 /NEWS | |
parent | dc9740df61e575e8c3148b7bd3c147a81ea00c7c (diff) | |
download | gzip-d74a30d45c6834c8e9f87115197370fe86656d81.tar.gz |
zgrep: add NEWS and tests for this exploitable bug
* tests/zgrep-abuse: New file, based on PoC by cleemy desu wayo.
* tests/Makefile.am (TESTS): Add it.
* NEWS: Mention the exploit.
The bug appears to have been present since the beginning.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -16,6 +16,9 @@ GNU gzip NEWS -*- outline -*- ** Bug fixes + zgrep applied to a crafted file name with two or more newlines + can no longer overwrite an arbitrary, attacker-selected file. + 'zdiff -C 5' no longer misbehaves by treating '5' as a file name. Configure-time options like --program-prefix now work. |
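Review bot: the new entry under "** Bug fixes" does not say which releases are affected, although the commit message states that the bug appears to have been present since the beginning. Consider carrying that into the entry itself, for example by appending "[bug present since the beginning]", so that someone reading NEWS alone can tell that every earlier release needs the fix. The wording "can no longer overwrite an arbitrary, attacker-selected file" states the impact clearly and is worth keeping as is.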