bzip2: Security fix CVE-2016-3189
Affects bzip2 <= 1.0.6 CVSS v2 Base Score: 4.3 MEDIUM (From OE-Core rev: 979c61e47d416b940ca53e22acffdacb2625cf89) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
c0dbed63c6
commit
3aaf023202
|
@ -0,0 +1,18 @@
|
||||||
|
Upstream-Status: Backport
|
||||||
|
https://bugzilla.suse.com/attachment.cgi?id=681334
|
||||||
|
|
||||||
|
CVE: CVE-2016-3189
|
||||||
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||||
|
|
||||||
|
Index: bzip2-1.0.6/bzip2recover.c
|
||||||
|
===================================================================
|
||||||
|
--- bzip2-1.0.6.orig/bzip2recover.c
|
||||||
|
+++ bzip2-1.0.6/bzip2recover.c
|
||||||
|
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
|
||||||
|
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
|
||||||
|
bsPutUInt32 ( bsWr, blockCRC );
|
||||||
|
bsClose ( bsWr );
|
||||||
|
+ outFile = NULL;
|
||||||
|
}
|
||||||
|
if (wrBlock >= rbCtr) break;
|
||||||
|
wrBlock++;
|
|
@ -12,7 +12,9 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
|
||||||
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
|
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
|
||||||
file://configure.ac;subdir=${BP} \
|
file://configure.ac;subdir=${BP} \
|
||||||
file://Makefile.am;subdir=${BP} \
|
file://Makefile.am;subdir=${BP} \
|
||||||
file://run-ptest"
|
file://run-ptest \
|
||||||
|
file://CVE-2016-3189.patch \
|
||||||
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
|
SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
|
||||||
SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"
|
SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"
|
||||||
|
|
Loading…
Reference in New Issue