* Re: Fwd: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)
From: Adolf Belka @ 2022-04-11 9:57 UTC
To: development

Hi Michael,

On 11/04/2022 10:13, Michael Tremer wrote:
> Who would like to grab this one and update XZ?
>
I'll pick it up.

Regards,

Adolf.

>> Begin forwarded message:
>>
>> *From: *Lasse Collin <lasse.collin(a)tukaani.org>
>> *Subject: **[xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)*
>> *Date: *7 April 2022 at 18:10:50 BST
>> *To: *xz-announce(a)tukaani.org
>>
>> Malicious filenames can make xzgrep to write to arbitrary files
>> or (with a GNU sed extension) lead to arbitrary code execution.
>>
>> xzgrep from XZ Utils versions up to and including 5.2.5 are
>> affected. 5.3.1alpha and 5.3.2alpha are affected as well.
>> This patch works for all of them.
>>
>> This bug was inherited from gzip's zgrep. gzip 1.12 includes
>> a fix for zgrep.
>>
>> This vulnerability was discovered by:
>> cleemy desu wayo working with Trend Micro Zero Day Initiative
>>
>> The patch and signature are available here:
>>
>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
>>
>> It is also linked from the XZ Utils home page <https://tukaani.org/xz/>.
>>
>> --
>> Lasse Collin
>>
>

* Re: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)
From: Michael Tremer @ 2022-04-11 10:16 UTC
To: development

Thank you!

> On 11 Apr 2022, at 10:57, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Hi Michael,
>
> On 11/04/2022 10:13, Michael Tremer wrote:
>> Who would like to grab this one and update XZ?
>>
> I'll pick it up.
>
>
> Regards,
>
> Adolf.
>
>>> Begin forwarded message:
>>>
>>> *From: *Lasse Collin <lasse.collin(a)tukaani.org>
>>> *Subject: **[xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)*
>>> *Date: *7 April 2022 at 18:10:50 BST
>>> *To: *xz-announce(a)tukaani.org
>>>
>>> Malicious filenames can make xzgrep to write to arbitrary files
>>> or (with a GNU sed extension) lead to arbitrary code execution.
>>>
>>> xzgrep from XZ Utils versions up to and including 5.2.5 are
>>> affected. 5.3.1alpha and 5.3.2alpha are affected as well.
>>> This patch works for all of them.
>>>
>>> This bug was inherited from gzip's zgrep. gzip 1.12 includes
>>> a fix for zgrep.
>>>
>>> This vulnerability was discovered by:
>>> cleemy desu wayo working with Trend Micro Zero Day Initiative
>>>
>>> The patch and signature are available here:
>>>
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
>>>
>>> It is also linked from the XZ Utils home page <https://tukaani.org/xz/>.
>>>
>>> --
>>> Lasse Collin
>>>
>>