zlib: fix CVE-2014-9485 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-03-27 11:16:08 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-04-04 08:42:47 -0700
commit	68c9f9f44982e8caabc82c25292cbdf93877aef6 (patch)
tree	46ce5fa01aaa83c89a149ff0a8744cd836279536 /scripts/lib/scriptutils.py
parent	ccd6eee7fcc83b32278319c3526a13fe856a74bc (diff)
download	poky-68c9f9f44982e8caabc82c25292cbdf93877aef6.tar.gz

zlib: fix CVE-2014-9485

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive. Reference: https://security-tracker.debian.org/tracker/CVE-2014-9485 Upstream-patch: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 (From OE-Core rev: 32c4b28fc06e39ab8ef86aebc5e1e1ae19934495) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: