unzip: CVE-2014-9913 CVE-2016-9844 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Zhixiong Chi <zhixiong.chi@windriver.com>	2017-02-22 15:14:42 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-01 12:54:21 +0000
commit	fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c (patch)
tree	1f3aa2ca38829ef4da07e5fdc36764024ae3ed58 /meta/recipes-core/glib-2.0
parent	f65baebafc3d1389c5e5000c6cd921b7569123a1 (diff)
download	openembedded-core-contrib-fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c.tar.gz

unzip: CVE-2014-9913 CVE-2016-9844

Backport the patches for CVE-2014-9913 CVE-2016-9844 CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVE-2014-9913: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Patches come from: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/ or https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff Bug-Debian: https://bugs.debian.org/847486 Bug-Ubuntu: https://launchpad.net/bugs/1643750 (LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>

Diffstat (limited to 'meta/recipes-core/glib-2.0')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: