diff options
| author | Jim Meyering <meyering@fb.com> | 2022-04-04 23:52:49 -0700 |
|---|---|---|
| committer | Jim Meyering <meyering@fb.com> | 2022-04-07 09:28:24 -0700 |
| commit | d74a30d45c6834c8e9f87115197370fe86656d81 (patch) | |
| tree | 73dd415c989912a0bc9299e1441eba98ad07c846 /NEWS | |
| parent | dc9740df61e575e8c3148b7bd3c147a81ea00c7c (diff) | |
| download | gzip-d74a30d45c6834c8e9f87115197370fe86656d81.tar.gz | |
zgrep: add NEWS and tests for this exploitable bug
* tests/zgrep-abuse: New file, based on PoC by cleemy desu wayo.
* tests/Makefile.am (TESTS): Add it.
* NEWS: Mention the exploit.
The bug appears to have been present since the beginning.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -16,6 +16,9 @@ GNU gzip NEWS -*- outline -*- ** Bug fixes + zgrep applied to a crafted file name with two or more newlines + can no longer overwrite an arbitrary, attacker-selected file. + 'zdiff -C 5' no longer misbehaves by treating '5' as a file name. Configure-time options like --program-prefix now work. |