author | Zhixiong Chi <zhixiong.chi@windriver.com> | 2017-02-22 15:14:42 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-01 23:27:09 +0000 |
commit | 1f9af41ddea93ad4d4e600955084cf4b4cb16fcd (patch) | |
tree | 67a6d58c6db4af62880b27d202b0f4c10f9cc641 /meta/recipes-extended/which | |
parent | 9e6cb6ec8b4b1d66b1e626f175946d15c1a2b49c (diff) | |
download | poky-1f9af41ddea93ad4d4e600955084cf4b4cb16fcd.tar.gz |
unzip: CVE-2014-9913 CVE-2016-9844

Backport the patches for CVE-2014-9913 CVE-2016-9844

CVE-2016-9844:
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via a large compression method value in the central
directory file header.

CVE-2014-9913:
Buffer overflow in the list_files function in list.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via vectors related to the compression method.

Patches come from:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/ or
https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff

Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750

(LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222

(From OE-Core rev: fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/which')
0 files changed, 0 insertions, 0 deletions