git.libre-soc.org Git - buildroot.git/commit

author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Tue, 3 Mar 2020 20:16:22 +0000 (21:16 +0100)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Tue, 3 Mar 2020 21:42:04 +0000 (22:42 +0100)
commit	401d18b2e938e31a632baabccd71f2d72701d036
tree	a43d1b91b0010347d0cb094ddee230341591ebc1	tree
parent	ffd556f407fda94deb270d499cc894b2627b2760	commit \| diff

package/zziplib: fix CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to
overwrite arbitrary files via a .. (dot dot) in a zip file, because of
the function unzzip_cat in the bins/unzzipcat-mem.c file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zziplib/0004-Fix-issue-62-Remove-any-components-from-pathnames-of-extracte.patch	[new file with mode: 0644]	blob
package/zziplib/zziplib.mk		diff \| blob \| history

RSS Atom