re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
parent
f6883dfa85
commit
c1b9a30e8c
@ -22,4 +22,4 @@ index c741b5f..e4a4c7b 100644
|
|||||||
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
|
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
|
||||||
|
|
||||||
method = makeword(eb + (EB_HEADSIZE + compr_offset));
|
method = makeword(eb + (EB_HEADSIZE + compr_offset));
|
||||||
if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
|
if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
|
||||||
|
@ -15,7 +15,7 @@ index a0a4929..9ef80b3 100644
|
|||||||
return IZ_EF_TRUNC; /* no compressed data! */
|
return IZ_EF_TRUNC; /* no compressed data! */
|
||||||
|
|
||||||
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
|
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
|
||||||
+ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
|
+ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
|
||||||
+ return PK_ERR; /* compressed & uncompressed
|
+ return PK_ERR; /* compressed & uncompressed
|
||||||
+ * should match in STORED
|
+ * should match in STORED
|
||||||
+ * method */
|
+ * method */
|
||||||
|
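Review bot: The comment on the `return PK_ERR;` line still says compressed and uncompressed sizes "should match in STORED method", but the corrected condition compares `eb_size` with `compr_offset + EB_CMPRHEADLEN + eb_ucsize`, so the comment no longer describes what is enforced. I would reword it to `/* STORED: eb_size must equal compr_offset + EB_CMPRHEADLEN + eb_ucsize */`, which also records that the earlier form left out the header length. The same condition is carried as a context line in the first patch file on this page, and the enclosing function starts and ends outside both hunks. The declarations of `eb_size`, `compr_offset` and `eb_ucsize` are not visible here, so it is worth confirming that the sum is evaluated in a type wide enough that a large `eb_ucsize` cannot wrap it.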
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for unpacking zip files
|
Summary: A utility for unpacking zip files
|
||||||
Name: unzip
|
Name: unzip
|
||||||
Version: 6.0
|
Version: 6.0
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Archiving
|
Group: Applications/Archiving
|
||||||
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
|
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
|
||||||
@ -87,6 +87,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 11 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-20
|
||||||
|
- re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
|
||||||
|
|
||||||
* Tue Feb 10 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-19
|
* Tue Feb 10 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-19
|
||||||
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread
|
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread
|
||||||
(#1174844)
|
(#1174844)
|
||||||
|