Everyone,

I've just updated our zlib clone (https://github.com/openvehicles/zlib) to version 1.2.12, fixing a serious security issue (out of bounds access by extracting malicious ZIP data).

To follow you need to do…

git submodule update --recursive

…after your next pull/fetch.

From https://www.zlib.net/:

Version 1.2.12 has these key improvements over 1.2.11:

Fix a deflate bug when using the Z_FIXED strategy that can result in out-of-bound accesses.

Fix a deflate bug when the window is full in deflate_stored().

Speed up CRC-32 computations by a factor of 1.5 to 3.

Use the hardware CRC-32 instruction on ARMv8 processors.

Speed up crc32_combine() with powers of x tables.

Add crc32_combine_gen() and crc32_combine_op() for fast combines.

Due to the bug fixes, any installations of 1.2.11 should be replaced with 1.2.12.

I suggest also checking your other projects for inclusions of zlib.

Regards,
Michael

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26