generic-poky

sysmo-bts

generic-poky

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ross Burton	b6353f5c43	unzip: add missing CVE headers to patches (From OE-Core rev: de7ff341d18f46d68abeabcb53ba07d012090c15) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-04-14 09:47:08 +01:00
Zhixiong Chi	1f9af41dde	unzip: CVE-2014-9913 CVE-2016-9844 Backport the patches for CVE-2014-9913 CVE-2016-9844 CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVE-2014-9913: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Patches come from: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/ or https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff Bug-Debian: https://bugs.debian.org/847486 Bug-Ubuntu: https://launchpad.net/bugs/1643750 (LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222 (From OE-Core rev: fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-01 23:27:09 +00:00

Author

SHA1

Message

Date

Ross Burton

b6353f5c43

unzip: add missing CVE headers to patches

(From OE-Core rev: de7ff341d18f46d68abeabcb53ba07d012090c15)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-04-14 09:47:08 +01:00

Zhixiong Chi

1f9af41dde

unzip: CVE-2014-9913 CVE-2016-9844

Backport the patches for CVE-2014-9913 CVE-2016-9844

CVE-2016-9844:
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via a large compression method value in the central
directory file header.
CVE-2014-9913:
Buffer overflow in the list_files function in list.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via vectors related to the compression method.

Patches come from:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/  or
https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff

Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750

(LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222

(From OE-Core rev: fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-03-01 23:27:09 +00:00

2 Commits