| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
(From OE-Core rev: 458d877590bcd39c7f05d31cc6e7600ca59de332)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff,
is to fix CVE-2014-9636
(From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23)
(From OE-Core rev: 0a849983d066cd1beee64cef94b2c8421275b45c)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
(From OE-Core rev: 2bf9165f5db5edd946a064dc5e877f97817dbae0)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with
an uncompressed size smaller than the compressed field size in a
zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in
Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code
via a crafted string, as demonstrated by converting a string from CP866
to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
(From OE-Core rev: d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Change Makefile to use LDFLAGS
(From OE-Core rev: 4f211322eb1179db62c03616b4c113114c612cf8)
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 0eb139619301d0efee330932eba3617dcb39284e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Not only do we have to override things on the make line, but we
need to hack on configure as well to avoid certain behavior.
(From OE-Core rev: 97a6bf1787995f15c8033bd26bdbe50c7efbbcfd)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|