The newest upstream commit Security fixes for CVE-2022-1381, CVE-2022-1420
Comment
Archive for April 30th, 2022
4 results.
Fix CVE-2022-29536
zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. reproducer: $ touch foo.gz $ echo foo | gzip > “$(printf ‘|\n;e touch pwned\n#.gz’)” $ zgrep foo *.gz (the unfixed version of zgrep creates the file called pwned)
This month’s People of WordPress feature shares the story of developer and e-commerce builder Meher Bala.