Closed
Bug 258009
Opened 20 years ago
Closed 20 years ago
DoS vulnerability in zlib-1.2.1
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
VERIFIED FIXED
People
(Reporter: glennrp+bmo, Assigned: glennrp+bmo)
References
()
Details
(Whiteboard: [sg:fix])
Attachments
(1 file, 1 obsolete file)
1.87 KB, patch | tor: review+ | dveditz: superreview+
A newly disclosed DoS vulnerability is reported to exist in zlib-1.2.1.
It has been published openly at the openpkg URL mentioned above.
A simple patch is available. I'm not sure whether the patch has been made
public. For now I'm marking the bug as a "security problem".
Assignee
Comment 1 • 20 years ago
zlib patch as received from CERT. Needs to be converted to a mozilla patch.
Assignee: pavlov → glennrp
Status: NEW → ASSIGNED
Assignee
Comment 2 • 20 years ago
Reducing severity to normal because zlib-1.2.1 hasn't landed yet. Marking
as blocking bug #248644. If someone uses the system lib they might be vulnerable.
This issue has been assigned CVE# CAN-2004-0797 and CERT VU #238678.
Severity: major → normal
Assignee
Comment 3 • 20 years ago
Oops, 1.2.1 did land recently; see bug #226733.
The zlib developers are planning to release version 1.2.2 soon with the
vulnerability fixed.
Assignee
Comment 4 • 20 years ago
Patch updated to mozilla style; also updates ChangelogMoz, does not update
irrelevant contrib file.
Attachment #157880 - Attachment is obsolete: true
Assignee
Comment 5 • 20 years ago
Comment on attachment 157886 [details] [diff] [review]
Patch for zlib-1.2.1 in Mozilla trunk
tor: r?
Attachment #157886 - Flags: review?(tor)
Updated • 20 years ago
Flags: blocking1.7.x+
Flags: blocking-aviary1.0PR+
Attachment #157886 - Flags: review?(tor) → review+
Comment 7 • 20 years ago
Comment on attachment 157886 [details] [diff] [review]
Patch for zlib-1.2.1 in Mozilla trunk
sr=dveditz
a=dveditz for 1.7 branch
Attachment #157886 - Flags: superreview+
Attachment #157886 - Flags: approval1.7.x+
Updated • 20 years ago
Whiteboard: [sg:fix]
Attachment #157886 - Flags: approval-aviary?
Comment 8 • 20 years ago
Comment on attachment 157886 [details] [diff] [review]
Patch for zlib-1.2.1 in Mozilla trunk
a=ben@mozilla.org
Attachment #157886 - Flags: approval-aviary? → approval-aviary+
Comment 9 • 20 years ago
Clearing 1.7 and aviary blocking flags. Those branches do not have 1.2.1;
they're still using 1.1.4.
Flags: blocking1.7.x+
Flags: blocking-aviary1.0PR+
Comment 10 • 20 years ago
Checked in on trunk.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Assignee
Comment 11 • 20 years ago
zlib 1.2.2 has been released. See bug #248644.
Updated • 20 years ago
Attachment #157886 - Flags: approval1.7.x+
Attachment #157886 - Flags: approval-aviary+
Assignee
Updated • 19 years ago
Status: RESOLVED → VERIFIED