diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-10-29 01:14:18 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-02 12:25:41 +0000 |
commit | a11b23a7d2a29414a4ea47c411f09a68b1b28e2d (patch) | |
tree | 401ab5502ae11e37bac113fabe434658cd0b230c /meta/recipes-extended/unzip/unzip_6.0.bb | |
parent | d5065e2b1c49fa65627f0adec8e42190ebccb572 (diff) | |
download | openembedded-core-contrib-a11b23a7d2a29414a4ea47c411f09a68b1b28e2d.tar.gz |
unzip: CVE-2015-7696, CVE-2015-7697
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/unzip/unzip_6.0.bb')
-rw-r--r-- | meta/recipes-extended/unzip/unzip_6.0.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 4a0a713a61..9e63d3ae76 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -14,6 +14,8 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \ file://09-cve-2014-8139-crc-overflow.patch \ file://10-cve-2014-8140-test-compr-eb.patch \ file://11-cve-2014-8141-getzip64data.patch \ + file://CVE-2015-7696.patch \ + file://CVE-2015-7697.patch \ " SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" |