]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d5065e2) | patch
unzip: CVE-2015-7696, CVE-2015-7697
authorTudor Florea <tudor.florea@enea.com>
Thu, 29 Oct 2015 00:14:18 +0000 (01:14 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 2 Nov 2015 12:25:41 +0000 (12:25 +0000)
commita11b23a7d2a29414a4ea47c411f09a68b1b28e2d
tree401ab5502ae11e37bac113fabe434658cd0b230ctree | snapshot
parentd5065e2b1c49fa65627f0adec8e42190ebccb572commit | diff
unzip: CVE-2015-7696, CVE-2015-7697

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch [new file with mode: 0644] blob
meta/recipes-extended/unzip/unzip_6.0.bb diff | blob | history
Mirror of the official openembedded-core repository