aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch')
-rw-r--r--meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch b/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch
deleted file mode 100644
index 2fd3c3bb904..00000000000
--- a/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 708e60ea4e16afb1d85da60dd73cb374a987653d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Hanno=20B=C3=B6ck?= <hanno@hboeck.de>
-Date: Thu, 19 Nov 2015 20:03:10 +0100
-Subject: [PATCH 1/1] dpkg-deb: Fix off-by-one write access on ctrllenbuf
- variable
-
-This affects old format .deb packages.
-
-CVE: CVE-2015-0860
-Warned-by: afl
-Signed-off-by: Guillem Jover <guillem@debian.org>
-
-Upstream-Status: Backport
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- dpkg-deb/extract.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dpkg-deb/extract.c b/dpkg-deb/extract.c
-index 5a9587a..e39fb35 100644
---- a/dpkg-deb/extract.c
-+++ b/dpkg-deb/extract.c
-@@ -247,7 +247,7 @@ extracthalf(const char *debar, const char *dir,
- if (errstr)
- ohshit(_("archive has invalid format version: %s"), errstr);
-
-- r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf));
-+ r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf) - 1);
- if (r < 0)
- read_fail(r, debar, _("archive control member size"));
- if (sscanf(ctrllenbuf, "%jd%c%d", &ctrllennum, &nlc, &dummy) != 2 ||
---
-1.9.1
-