libarchive: add upstream security patches
author Baruch Siach <baruch@tkos.co.il>
Tue, 7 Aug 2018 14:55:22 +0000 (17:55 +0300)
committer Peter Korsgaard <peter@korsgaard.com>
Wed, 8 Aug 2018 14:19:28 +0000 (16:19 +0200)
commit 760fbe789c77571b2baf1ddbb3b10207ece7fd7a
tree d6e66c4781cd226740d8055fbeeefe68000e987c
parent d7dcc6c0196e0d7b68a1da56a5a2a39616a3fcbe

Add patches for the following security issues:

CVE-2017-14501 - An out-of-bounds read flaw exists in parse_file_info in
archive_read_support_format_iso9660.c when extracting a specially
crafted iso9660 iso file.

CVE-2017-14502 - Off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header.

CVE-2017-14503 - Out-of-bounds read within lha_read_data_none() in
archive_read_support_format_lha.c when extracting a specially crafted
lha archive.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libarchive/0002-iso9660-validate-directory-record-length.patch [new file with mode: 0644]
package/libarchive/0003-Avoid-a-read-off-by-one-error-for-UTF16-names-in-RAR.patch [new file with mode: 0644]
package/libarchive/0004-Reject-LHA-archive-entries-with-negative-size.patch [new file with mode: 0644]