projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 77d2c77) | patch
package/zziplib: fix CVE-2018-16548
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Tue, 3 Mar 2020 20:16:21 +0000 (21:16 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 3 Mar 2020 21:42:01 +0000 (22:42 +0100)
commitffd556f407fda94deb270d499cc894b2627b2760
tree293bff334aa452527559a0852230454f9b99880ftree
parent77d2c77d2946e0c92df3ef73df851ebd1b5b8b27commit | diff
package/zziplib: fix CVE-2018-16548

An issue was discovered in ZZIPlib through 0.13.69. There is a memory
leak triggered in the function __zzip_parse_root_directory in zip.c,
which will lead to a denial of service attack.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/zziplib/0001-Avoid-memory-leak-from-__zzip_parse_root_directory.patch [new file with mode: 0644] blob
package/zziplib/0002-Avoid-memory-leak-from-__zzip_parse_root_directory-2.patch [new file with mode: 0644] blob
package/zziplib/0003-One-more-free-to-avoid-memory-leak.patch [new file with mode: 0644] blob
package/zziplib/zziplib.mk diff | blob | history