[Buildroot] [PATCH 2/2] package/zziplib: fix CVE-2018-17828
Peter Korsgaard
peter at korsgaard.com
Sun Mar 15 10:15:47 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to
> overwrite arbitrary files via a .. (dot dot) in a zip file, because of
> the function unzzip_cat in the bins/unzzipcat-mem.c file.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.11.x (not in 2019.02.x), thanks.
--
Bye, Peter Korsgaard