From 753ec70905a680f653768572b481f3637b733fdf Mon Sep 17 00:00:00 2001
From: Tudor Florea <tudor.florea@enea.com>
Date: Thu, 29 Oct 2015 00:05:32 +0100
Subject: unzip: CVE-2015-7696, CVE-2015-7697

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 meta/recipes-extended/unzip/unzip_6.0.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta/recipes-extended/unzip/unzip_6.0.bb')

diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index e590f8186d..acbc837c54 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
 	file://09-cve-2014-8139-crc-overflow.patch \
 	file://10-cve-2014-8140-test-compr-eb.patch \
 	file://11-cve-2014-8141-getzip64data.patch \
+	file://CVE-2015-7696.patch \
+	file://CVE-2015-7697.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
-- 
cgit v1.2.3-54-g00ecf