libarchive: CVE-2017-14502 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhixiong Chi <zhixiong.chi@windriver.com>	2017-09-28 16:06:05 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-10-07 23:20:39 +0100
commit	cbf796a8266598c27a3af77fcef577ba5e10297f (patch)
tree	e240dbe822feab3dbe78cac516c8fe168a505205 /meta/classes
parent	31fb57d72deca73aaf66dd6416defb70fe97ee24 (diff)
download	poky-cbf796a8266598c27a3af77fcef577ba5e10297f.tar.gz

libarchive: CVE-2017-14502

read_header in archive_read_support_format_rar.c suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. Backport the patch from https://github.com/libarchive/libarchive/commit commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6 CVE: CVE-2017-14502 (From OE-Core rev: 0bedb69abff85cc07ad4a54eed41d15d0a38c080) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/classes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: