unzip: CVE-2015-7696, CVE-2015-7697

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Tudor Florea <tudor.florea@enea.com> 2015-10-29 01:14:18 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-11-02 12:25:41 +0000
commit: a11b23a7d2a29414a4ea47c411f09a68b1b28e2d (patch)
tree: 401ab5502ae11e37bac113fabe434658cd0b230c /meta/recipes-extended/unzip/unzip_6.0.bb
parent: d5065e2b1c49fa65627f0adec8e42190ebccb572 (diff)
download: openembedded-core-a11b23a7d2a29414a4ea47c411f09a68b1b28e2d.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 4a0a713a61..9e63d3ae76 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
 	file://09-cve-2014-8139-crc-overflow.patch \
 	file://10-cve-2014-8140-test-compr-eb.patch \
 	file://11-cve-2014-8141-getzip64data.patch \
+	file://CVE-2015-7696.patch \
+	file://CVE-2015-7697.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
author	Tudor Florea <tudor.florea@enea.com>	2015-10-29 01:14:18 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-11-02 12:25:41 +0000
commit	a11b23a7d2a29414a4ea47c411f09a68b1b28e2d (patch)
tree	401ab5502ae11e37bac113fabe434658cd0b230c /meta/recipes-extended/unzip/unzip_6.0.bb
parent	d5065e2b1c49fa65627f0adec8e42190ebccb572 (diff)
download	openembedded-core-a11b23a7d2a29414a4ea47c411f09a68b1b28e2d.tar.gz