From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 3199A385840E; Tue, 22 Nov 2022 14:21:44 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3199A385840E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1669126904;
	bh=mVoKIPrdcfL9n3MQV5CZfFumU+hdFq0lUbnXPMvhIg8=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=WzjFNuIgWl189874HCLaIhAAyzL0mybdEWC7ET+dNIG6xtNKUoYvDyhV0TRr639dO
	 m8GP2EuGMph9/fTF85LBkGXLV0uWefBSKtJpKFpUS5fjQhEo7XqI2U8C2Eu9sT3AZr
	 RdMrtryCR2qAkaUx64NJqjjAr7TCQXm2DOf3WWVE=
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if
 the input has many distant matches
Date: Tue, 22 Nov 2022 14:21:43 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: gdb
X-Bugzilla-Version: 12.1
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: vries at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-29467-4717-2FncENopRS@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-29467-4717@http.sourceware.org/bugzilla/>
References: <bug-29467-4717@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gdb-prs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D29467

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at redhat dot com,
                   |                            |vries at gcc dot gnu.org

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Gino K Sebastian from comment #1)
> Do we have any update on this CVE?
> Is it still open?

We have:
...
commit 8e6b35366073a1a71df805061ecf016cc915a9f9
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Apr 12 16:24:10 2022 +0100

    Rebase the zlib sources to the 1.2.12 release
...
so AFAIU the CVE should be fixed in the next release (13.1).

I suppose the problem still exists on 12.1, the version on which this was
reported.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=