public inbox for gdb-prs@sourceware.org
help / color / mirror / Atom feed
* [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
@ 2022-08-10 14:18 vishnu.sarath at ashling dot com
2022-08-10 14:20 ` [Bug gdb/29467] " vishnu.sarath at ashling dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: vishnu.sarath at ashling dot com @ 2022-08-10 14:18 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
Bug ID: 29467
Summary: CVE-2018-25032 : Memory corruption when deflating if
the input has many distant matches
Product: gdb
Version: 12.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdb
Assignee: unassigned at sourceware dot org
Reporter: vishnu.sarath at ashling dot com
Target Milestone: ---
Hi,
The latest version of GDB : 12.1 uses the zlib version 1.2.11 which is having
the CVE : CVE-2018-25032 open. This CVE seems to be fixed in the zlib version
1.2.12. Can we start using the new version of zlib from next release version of
ARM GDB?
Thanks,
Vishnu
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
@ 2022-08-10 14:20 ` vishnu.sarath at ashling dot com
2022-11-22 13:07 ` ginoks at gmail dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: vishnu.sarath at ashling dot com @ 2022-08-10 14:20 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
Vishnu Sarath <vishnu.sarath at ashling dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vishnu.sarath at ashling dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
2022-08-10 14:20 ` [Bug gdb/29467] " vishnu.sarath at ashling dot com
@ 2022-11-22 13:07 ` ginoks at gmail dot com
2022-11-22 14:21 ` vries at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: ginoks at gmail dot com @ 2022-11-22 13:07 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
Gino K Sebastian <ginoks at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ginoks at gmail dot com
--- Comment #1 from Gino K Sebastian <ginoks at gmail dot com> ---
Do we have any update on this CVE?
Is it still open?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
2022-08-10 14:20 ` [Bug gdb/29467] " vishnu.sarath at ashling dot com
2022-11-22 13:07 ` ginoks at gmail dot com
@ 2022-11-22 14:21 ` vries at gcc dot gnu.org
2022-11-22 14:22 ` vries at gcc dot gnu.org
2022-11-22 17:41 ` tromey at sourceware dot org
4 siblings, 0 replies; 6+ messages in thread
From: vries at gcc dot gnu.org @ 2022-11-22 14:21 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
Tom de Vries <vries at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nickc at redhat dot com,
| |vries at gcc dot gnu.org
--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Gino K Sebastian from comment #1)
> Do we have any update on this CVE?
> Is it still open?
We have:
...
commit 8e6b35366073a1a71df805061ecf016cc915a9f9
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Apr 12 16:24:10 2022 +0100
Rebase the zlib sources to the 1.2.12 release
...
so AFAIU the CVE should be fixed in the next release (13.1).
I suppose the problem still exists on 12.1, the version on which this was
reported.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
` (2 preceding siblings ...)
2022-11-22 14:21 ` vries at gcc dot gnu.org
@ 2022-11-22 14:22 ` vries at gcc dot gnu.org
2022-11-22 17:41 ` tromey at sourceware dot org
4 siblings, 0 replies; 6+ messages in thread
From: vries at gcc dot gnu.org @ 2022-11-22 14:22 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #2)
> I suppose the problem still exists on 12.1, the version on which this was
> reported.
And, I forgot to add, I don't think a 12.2 is planned.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug gdb/29467] CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
` (3 preceding siblings ...)
2022-11-22 14:22 ` vries at gcc dot gnu.org
@ 2022-11-22 17:41 ` tromey at sourceware dot org
4 siblings, 0 replies; 6+ messages in thread
From: tromey at sourceware dot org @ 2022-11-22 17:41 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29467
Tom Tromey <tromey at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tromey at sourceware dot org
Target Milestone|--- |13.1
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Tom Tromey <tromey at sourceware dot org> ---
I think we can just close this, since it sounds like the fix is
already checked in.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-11-22 17:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-10 14:18 [Bug gdb/29467] New: CVE-2018-25032 : Memory corruption when deflating if the input has many distant matches vishnu.sarath at ashling dot com
2022-08-10 14:20 ` [Bug gdb/29467] " vishnu.sarath at ashling dot com
2022-11-22 13:07 ` ginoks at gmail dot com
2022-11-22 14:21 ` vries at gcc dot gnu.org
2022-11-22 14:22 ` vries at gcc dot gnu.org
2022-11-22 17:41 ` tromey at sourceware dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).