[Buildroot] [PATCH] libarchive: add upstream security patches

Peter Korsgaard peter at korsgaard.com
Wed Aug 8 14:26:43 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Add patches for the following security issues:
 > CVE-2017-14501 - An out-of-bounds read flaw exists in parse_file_info in
 > archive_read_support_format_iso9660.c when extracting a specially
 > crafted iso9660 iso file.

 > CVE-2017-14502 - Off-by-one error for UTF-16 names in RAR archives,
 > leading to an out-of-bounds read in archive_read_format_rar_read_header.

 > CVE-2017-14503 - Out-of-bounds read within lha_read_data_none() in
 > archive_read_support_format_lha.c when extracting a specially crafted
 > lha archive.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed, thanks.

-- 
Bye, Peter Korsgaard


