[Buildroot] [PATCH 1/1] package/unzip: update security and bux fix patches from Debian
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Jul 14 13:04:30 UTC 2019
On Fri, 12 Jul 2019 15:30:41 +0200
Sébastien Szymanski <sebastien.szymanski at armadeus.com> wrote:
> Fix the URL and add three new patches. Quoting changelog [1]:
>
> unzip (6.0-24) unstable; urgency=medium
>
> * Apply two patches by Mark Adler:
> - Fix bug in undefer_input() that misplaced the input state.
> - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
> Bug discovered by David Fifield. For reference, this is CVE-2019-13232.
>
> -- Santiago Vila <sanvila at debian.org> Thu, 11 Jul 2019 18:03:34 +0200
>
> unzip (6.0-23) unstable; urgency=medium
>
> * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
> Thanks to David Fifield for the report. Closes: #929502.
>
> -- Santiago Vila <sanvila at debian.org> Wed, 29 May 2019 00:24:08 +0200
>
> [1] https://sources.debian.org/data/main/u/unzip/6.0-24/debian/changelog
>
> Signed-off-by: Sébastien Szymanski <sebastien.szymanski at armadeus.com>
> ---
> package/unzip/unzip.hash | 3 +++
> package/unzip/unzip.mk | 29 ++++++++++++++++-------------
> 2 files changed, 19 insertions(+), 13 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list