Hi,
it looks like that only CVE-2016-9841 is not fixed and this series is trying to address it. The first two patches are just preparation based on changes which happened in past. The third one is actual fix and the last one is following what has been done in Linux kernel long time ago and don't use incorrect zlib version string.
I tested it with and I can't see any issue. ./test/py/test.py --bd sandbox --build -s
And gitlab CI is also not showing any issue.
Thanks, Michal
Michal Simek (4): zlib: Rename this variable to here (current decoding table entry) zlib: Rename write variable to wnext (window write index) zlib: Port fix for CVE-2016-9841 to U-Boot zlib: Remove incorrect ZLIB_VERSION
include/u-boot/zlib.h | 16 ++-- lib/gzip.c | 2 +- lib/zlib/deflate.c | 13 +--- lib/zlib/inffast.c | 176 ++++++++++++++++-------------------------- lib/zlib/inflate.c | 31 ++++---- lib/zlib/inflate.h | 2 +- lib/zlib/zutil.c | 1 - 7 files changed, 90 insertions(+), 151 deletions(-)