The newest upstream commit Security fixes for CVE-2022-1381, CVE-2022-1420
Comment
The newest upstream commit Security fixes for CVE-2022-1381, CVE-2022-1420
Fix CVE-2022-29536
zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. reproducer: $ touch foo.gz $ echo foo | gzip > “$(printf ‘|\n;e touch pwned\n#.gz’)” $ zgrep foo *.gz (the unfixed version of zgrep creates the file called pwned)
This month’s People of WordPress feature shares the story of developer and e-commerce builder Meher Bala.
59 queries. 8.5 mb Memory usage. 0.778 seconds.