projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41eadb1) | patch
package/file: add upstream security fix
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 27 Oct 2019 07:45:59 +0000 (08:45 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sun, 27 Oct 2019 08:39:35 +0000 (09:39 +0100)
commit1c4584e47e344d1968cb6397238305cd8f4e615c
tree7d68183c74056703b1fa1206a3ade0046b10e3e6tree
parent41eadb1a9b8e8626006ef4378bd97925a29b8d38commit | diff
package/file: add upstream security fix

Fixes the following security vulnerability:

- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
  not restrict the number of CDF_VECTOR elements, which allows a heap-based
  buffer overflow (4-byte out-of-bounds write).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/file/0001-Detect-multiplication-overflow-when-computing-sector.patch [new file with mode: 0644] blob
package/file/0002-Limit-the-number-of-elements-in-a-vector-found-by-os.patch [new file with mode: 0644] blob