projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d043f57) | patch
package/busybox: add upstream gunzip security fix
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 6 Apr 2021 13:11:59 +0000 (15:11 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 7 Apr 2021 07:26:16 +0000 (09:26 +0200)
commit0f4ec05ed07865c86a261e453e78a508afca8ce4
tree3ebff9ba5ece056330f5a03812f38d497ae57b4dtree
parentd043f5775ac8d74e4970e03eec0cd8fe054e6263commit | diff
package/busybox: add upstream gunzip security fix

Fixes the following security issue:

- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
  the error bit on the huft_build result pointer, with a resultant invalid
  free or segmentation fault, via malformed gzip data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/busybox/0004-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch [new file with mode: 0644] blob
package/busybox/busybox.mk diff | blob | history