diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-03-25 03:08:25 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-25 03:08:25 -0700 |
| commit | 95ef8a6f0398e8c62f9d1281638ec95823336c6a (patch) | |
| tree | 8d1b78f4d0b0d8225cd764de7537a281ca9b937e /vendor/github.com/ulikunitz/xz/TODO.md | |
| parent | dd32fa833e932959caf4e1dc1b8b060e6372d8bc (diff) | |
| parent | 9a899da16080df0354e65decfc06dddeefa7920d (diff) | |
| download | podman-95ef8a6f0398e8c62f9d1281638ec95823336c6a.tar.gz podman-95ef8a6f0398e8c62f9d1281638ec95823336c6a.tar.bz2 podman-95ef8a6f0398e8c62f9d1281638ec95823336c6a.zip | |
Merge pull request #9811 from containers/dependabot/go_modules/github.com/containers/storage-1.28.1
Bump github.com/containers/storage from 1.28.0 to 1.28.1
Diffstat (limited to 'vendor/github.com/ulikunitz/xz/TODO.md')
| -rw-r--r-- | vendor/github.com/ulikunitz/xz/TODO.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/vendor/github.com/ulikunitz/xz/TODO.md b/vendor/github.com/ulikunitz/xz/TODO.md index 88c7341c8..594e0c7fe 100644 --- a/vendor/github.com/ulikunitz/xz/TODO.md +++ b/vendor/github.com/ulikunitz/xz/TODO.md @@ -86,6 +86,14 @@ ## Log +### 2021-02-02 + +Mituo Heijo has fuzzed xz and found a bug in the function readIndexBody. The +function allocated a slice of records immediately after reading the value +without further checks. Since the number has been too large the make function +did panic. The fix is to check the number against the expected number of records +before allocating the records. + ### 2020-12-17 Release v0.5.9 fixes warnings, a typo and adds SECURITY.md. |