code.ossystems Code Review - openembedded-core.git/commit
libarchive: CVE-2017-14502
author Zhixiong Chi <zhixiong.chi@windriver.com>
Thu, 28 Sep 2017 08:06:05 +0000 (16:06 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 6 Oct 2017 11:03:32 +0000 (12:03 +0100)
commit 0bedb69abff85cc07ad4a54eed41d15d0a38c080
tree a95a68a5afd49f5993602b90e092cff1f86e0fdc
parent e1bbca2b6d2edbea0939cbeafe6e74c1d4c59a25
libarchive: CVE-2017-14502

read_header in archive_read_support_format_rar.c suffers from an
off-by-one error for UTF-16 names in RAR archives, leading to an
out-of-bounds read in archive_read_format_rar_read_header.
Backport the patch from
https://github.com/libarchive/libarchive/commit
commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6

CVE: CVE-2017-14502

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch [new file with mode: 0644]
meta/recipes-extended/libarchive/libarchive_3.3.2.bb