rpms/squashfs-tools
6
0
Fork 0
Code Issues Pull Requests Releases Activity

squashfs-tools: CVE fixes

Browse Source 
No code changes in this commit. A JIRA/BZ reference was missed out on an
earlier patch to fix CVE-2021-40153 that prevented the issue from being
closed out correctly. This commit simply adds that missing reference.

* Thu Oct 5 2023 Abhi Das <adas@redhat.com> - 4.4-10.git1
- CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix
  CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination
  rhbz#2007304 RHEL-7763

Resolves: rhbz#2007304 RHEL-7763
Signed-off-by: Abhi Das <adas@redhat.com>
This commit is contained in:
Abhi Das 2023-10-05 13:29:40 -05:00
parent ed884d0c40
commit 8fd02ab944
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
squashfs-tools.spec
View File

@ -56,9 +56,10 @@ install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man1/unsquashfs.1
%{_sbindir}/unsquashfs
%changelog
* Wed Sep 13 2023 Abhi Das <adas@redhat.com> - 4.4-10.git1
* Thu Oct 5 2023 Abhi Das <adas@redhat.com> - 4.4-10.git1
- CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix
rhbz#2007304
CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination
rhbz#2007304 RHEL-7763
* Mon May 30 2022 Abhi Das <adas@redhat.com> - 4.4-9.git1
- CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination