]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 2ad0b4d) | patch
unzip: CVE-2015-7696, CVE-2015-7697
authorTudor Florea <tudor.florea@enea.com>
Thu, 29 Oct 2015 00:14:18 +0000 (01:14 +0100)
committerJoshua Lock <joshua.lock@collabora.co.uk>
Thu, 5 Nov 2015 21:46:26 +0000 (21:46 +0000)
commit458d877590bcd39c7f05d31cc6e7600ca59de332
treef5edc30634226ea8a3c1857a71f79b74ff4555edtree | snapshot
parent2ad0b4dd7262c251f991bbf7826580d89bd6e73acommit | diff
unzip: CVE-2015-7696, CVE-2015-7697

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip_6.0.bb diff | blob | history
Mirror of the official openembedded-core repository