Security update for zstd
This update for zstd to version 1.4.2 fixes the following issues:
Security issues fixed:
- CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941).
Non-security issues fixed:
- Added --[no-]compress-literals CLI flag to enable or disable literal compression.
- Added new --rsyncable mode.
- Added handling of -f flag to zstdgrep.
- Added CPU load indicator for each file on -vv mode.
- Changed --no-progress flag to preserve the final summary.
- Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions.
-
Submitted by
Bernhard Wiedemann (bmwiedemann)
Fixed bugs
bnc#1133297
LTO: zstd build fails
bnc#1082318
Packages must not mark license files as %doc
bnc#1142941
VUL-1: CVE-2019-11922: zstd: race condition in one-pass compression functions could allow out of bounds write
