diff options
| author | Roy Li <rongqing.li@windriver.com> | 2015-04-29 08:53:35 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-06-28 09:44:07 +0100 |
| commit | 08a09c34104eaf54cb46e48227f022e895d4e39a (patch) | |
| tree | 0eb1d954e8e0cfd7717fa5b39b499487e4ba9b0f /meta/recipes-multimedia | |
| parent | d271a8e004fc29dba48c444157f7d1a9b59a105f (diff) | |
| download | ast2050-yocto-poky-08a09c34104eaf54cb46e48227f022e895d4e39a.zip ast2050-yocto-poky-08a09c34104eaf54cb46e48227f022e895d4e39a.tar.gz | |
unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with
an uncompressed size smaller than the compressed field size in a
zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in
Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code
via a crafted string, as demonstrated by converting a string from CP866
to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
(From OE-Core rev: d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
0 files changed, 0 insertions, 0 deletions
