Everyone,

I've just updated our zlib clone (https://github.com/openvehicles/zlib) to version 1.2.12, fixing a serious security issue (out of bounds access by extracting malicious ZIP data).

To follow you need to do…

git submodule update --recursive

…after your next pull/fetch.

From https://www.zlib.net/:

Version 1.2.12 has these key improvements over 1.2.11:

• Fix a deflate bug when using theZ_FIXEDstrategy that can result in out-of-bound accesses.
• Fix a deflate bug when the window is full indeflate_stored().
• Speed up CRC-32 computations by a factor of 1.5 to 3.
• Use the hardware CRC-32 instruction on ARMv8 processors.
• Speed upcrc32_combine()with powers of/x/tables.
• Addcrc32_combine_gen()andcrc32_combine_op()for fast combines.

/Due to the bug fixes, any installations of 1.2.11 should be replaced with 1.2.12./

I suggest also checking your other projects for inclusions of zlib.

Regards, Michael

-- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26