Patched zlib security hole discussed here:
authorRyan C. Gordon <icculus@icculus.org>
Wed, 13 Jul 2005 15:10:00 +0000
changeset 710 ab230d349bf1
parent 709 440369665d77
child 711 78ef22ce8231
Patched zlib security hole discussed here: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
CHANGELOG
zlib122/inftrees.c
--- a/CHANGELOG	Wed Jul 13 15:06:21 2005 +0000
+++ b/CHANGELOG	Wed Jul 13 15:10:00 2005 +0000
@@ -2,7 +2,8 @@
  * CHANGELOG.
  */
 
-07132005 - Updated zlib to 1.2.2.
+07132005 - Updated zlib to 1.2.2, and patched it for this security hole:
+           http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
 06122005 - Added support for mingw to Unix build process (thanks, Matze!).
 03162005 - Added missing translation and Portuguese support (thanks, Danny!).
            MPW support and several MacOS Classic fixes (thanks, Chris!).
--- a/zlib122/inftrees.c	Wed Jul 13 15:06:21 2005 +0000
+++ b/zlib122/inftrees.c	Wed Jul 13 15:10:00 2005 +0000
@@ -134,7 +134,7 @@
         left -= count[len];
         if (left < 0) return -1;        /* over-subscribed */
     }
-    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
+    if (left > 0 && (type == CODES || max != 1))
         return -1;                      /* incomplete set */
 
     /* generate offsets into symbol table for each length for sorting */