[ubuntu/xenial-security] zlib 1:1.2.8.dfsg-2ubuntu4.3 (Accepted)
Avital Ostromich
avital.ostromich at canonical.com
Wed Jan 22 16:58:09 UTC 2020
zlib (1:1.2.8.dfsg-2ubuntu4.3) xenial-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark()
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation
- CVE-2016-9843
Date: 2020-01-21 19:12:14.485405+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
https://launchpad.net/ubuntu/+source/zlib/1:1.2.8.dfsg-2ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list