]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a2980f0) | patch
unzip: CVE-2015-7696, CVE-2015-7697
authorTudor Florea <tudor.florea@enea.com>
Mon, 14 Dec 2015 12:24:10 +0000 (13:24 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 30 Jan 2016 12:02:00 +0000 (12:02 +0000)
commit9c841157f8ecd3221702c4675a4145f586617780
tree02cdc1f4f51263fe313c7de3da672efd551f6cd8tree | snapshot
parenta2980f004519a4baeb4c88ad924e15195fe75e32commit | diff
unzip: CVE-2015-7696, CVE-2015-7697

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip_6.0.bb diff | blob | history
Mirror of the official openembedded-core repository