* Re: Fwd: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)
[not found] <08089DC1-FDE5-4B1B-8DFA-AA2234CF24B3@ipfire.org>
@ 2022-04-11 9:57 ` Adolf Belka
2022-04-11 10:16 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Adolf Belka @ 2022-04-11 9:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]
Hi Michael,
On 11/04/2022 10:13, Michael Tremer wrote:
> Who would like to grab this one and update XZ?
>
I'll pick it up.
Regards,
Adolf.
>> Begin forwarded message:
>>
>> *From: *Lasse Collin <lasse.collin(a)tukaani.org>
>> *Subject: **[xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)*
>> *Date: *7 April 2022 at 18:10:50 BST
>> *To: *xz-announce(a)tukaani.org
>>
>> Malicious filenames can make xzgrep to write to arbitrary files
>> or (with a GNU sed extension) lead to arbitrary code execution.
>>
>> xzgrep from XZ Utils versions up to and including 5.2.5 are
>> affected. 5.3.1alpha and 5.3.2alpha are affected as well.
>> This patch works for all of them.
>>
>> This bug was inherited from gzip's zgrep. gzip 1.12 includes
>> a fix for zgrep.
>>
>> This vulnerability was discovered by:
>> cleemy desu wayo working with Trend Micro Zero Day Initiative
>>
>> The patch and signature are available here:
>>
>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
>>
>> It is also linked from the XZ Utils home page <https://tukaani.org/xz/>.
>>
>> --
>> Lasse Collin
>>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)
2022-04-11 9:57 ` Fwd: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587) Adolf Belka
@ 2022-04-11 10:16 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2022-04-11 10:16 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1376 bytes --]
Thank you!
> On 11 Apr 2022, at 10:57, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Hi Michael,
>
> On 11/04/2022 10:13, Michael Tremer wrote:
>> Who would like to grab this one and update XZ?
>>
> I'll pick it up.
>
>
> Regards,
>
> Adolf.
>
>>> Begin forwarded message:
>>>
>>> *From: *Lasse Collin <lasse.collin(a)tukaani.org>
>>> *Subject: **[xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)*
>>> *Date: *7 April 2022 at 18:10:50 BST
>>> *To: *xz-announce(a)tukaani.org
>>>
>>> Malicious filenames can make xzgrep to write to arbitrary files
>>> or (with a GNU sed extension) lead to arbitrary code execution.
>>>
>>> xzgrep from XZ Utils versions up to and including 5.2.5 are
>>> affected. 5.3.1alpha and 5.3.2alpha are affected as well.
>>> This patch works for all of them.
>>>
>>> This bug was inherited from gzip's zgrep. gzip 1.12 includes
>>> a fix for zgrep.
>>>
>>> This vulnerability was discovered by:
>>> cleemy desu wayo working with Trend Micro Zero Day Initiative
>>>
>>> The patch and signature are available here:
>>>
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
>>>
>>> It is also linked from the XZ Utils home page <https://tukaani.org/xz/>.
>>>
>>> --
>>> Lasse Collin
>>>
>>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-11 10:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <08089DC1-FDE5-4B1B-8DFA-AA2234CF24B3@ipfire.org>
2022-04-11 9:57 ` Fwd: [xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587) Adolf Belka
2022-04-11 10:16 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox