PublicDateAtUSN: 2017-05-23 04:29:00 UTC
Candidate: CVE-2016-9842
PublicDate: 2017-05-23 04:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842
 http://www.openwall.com/lists/oss-security/2016/12/05/10
 https://ubuntu.com/security/notices/USN-4246-1
 https://ubuntu.com/security/notices/USN-4292-1
Description:
 The inflateMark function in inflate.c in zlib 1.2.8 might allow
 context-dependent attackers to have unspecified impact via vectors
 involving left shifts of negative integers.
Ubuntu-Description:
Notes:
 mdeslaur> since 3.1.3-7, rsync builds with the system zlib
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_zlib:
 upstream: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 upstream: https://github.com/madler/zlib/commit/2edb94a3025d288dc251bc6cbb2c02e60fbd7438
upstream_zlib: needs-triage
precise_zlib: ignored (reached end-of-life)
precise/esm_zlib: ignored (end of ESM support, was needed)
trusty_zlib: ignored (reached end-of-life)
trusty/esm_zlib: needed
vivid/stable-phone-overlay_zlib: ignored (reached end-of-life)
vivid/ubuntu-core_zlib: ignored (reached end-of-life)
xenial_zlib: released (1:1.2.8.dfsg-2ubuntu4.3)
esm-infra/xenial_zlib: released (1:1.2.8.dfsg-2ubuntu4.3)
yakkety_zlib: ignored (reached end-of-life)
zesty_zlib: ignored (reached end-of-life)
artful_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
bionic_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
cosmic_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
disco_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
eoan_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
focal_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
groovy_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
hirsute_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
impish_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
jammy_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)
devel_zlib: not-affected (1:1.2.11.dfsg-0ubuntu2)

Patches_rsync:
upstream_rsync: needs-triage
precise/esm_rsync: not-affected (code not present)
trusty/esm_rsync: not-affected (code not present)
xenial_rsync: released (3.1.1-3ubuntu1.3)
esm-infra/xenial_rsync: released (3.1.1-3ubuntu1.3)
bionic_rsync: released (3.1.2-2.1ubuntu1.1)
disco_rsync: released (3.1.3-6)
eoan_rsync: released (3.1.3-6)
focal_rsync: released (3.1.3-6)
groovy_rsync: released (3.1.3-6)
hirsute_rsync: released (3.1.3-6)
impish_rsync: released (3.1.3-6)
jammy_rsync: released (3.1.3-6)
devel_rsync: released (3.1.3-6)