re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
		
							parent
							
								
									f6883dfa85
								
							
						
					
					
						commit
						df221ec2ac
					
				| @ -22,4 +22,4 @@ index c741b5f..e4a4c7b 100644 | ||||
| +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
 | ||||
|   | ||||
|      method = makeword(eb + (EB_HEADSIZE + compr_offset)); | ||||
|      if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) | ||||
|      if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) | ||||
|  | ||||
| @ -15,7 +15,7 @@ index a0a4929..9ef80b3 100644 | ||||
|          return IZ_EF_TRUNC;               /* no compressed data! */ | ||||
|   | ||||
| +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
 | ||||
| +    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
 | ||||
| +    if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
 | ||||
| +        return PK_ERR;            /* compressed & uncompressed
 | ||||
| +                                   * should match in STORED
 | ||||
| +                                   * method */
 | ||||
|  | ||||
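Review bot: The comment kept on the `return PK_ERR;` line ("compressed & uncompressed should match in STORED method") no longer describes the condition, which now also counts the compression header through `EB_CMPRHEADLEN`. I would reword it to `/* STORED: eb_size must equal compr_offset + EB_CMPRHEADLEN + eb_ucsize */`, so a reader can see why the earlier form without the header term was wrong. The same corrected condition is repeated in the patch file of the preceding section (index c741b5f..e4a4c7b), so any later correction to this size check has to be made in both files. The enclosing function begins and ends outside this hunk, so the declared types of `eb_size`, `compr_offset` and `eb_ucsize` cannot be checked from here.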
| @ -1,7 +1,7 @@ | ||||
| Summary: A utility for unpacking zip files | ||||
| Name: unzip | ||||
| Version: 6.0 | ||||
| Release: 19%{?dist} | ||||
| Release: 20%{?dist} | ||||
| License: BSD | ||||
| Group: Applications/Archiving | ||||
| Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz | ||||
| @ -87,6 +87,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{ | ||||
| %{_mandir}/*/* | ||||
| 
 | ||||
| %changelog | ||||
| * Wed Feb 11 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-20 | ||||
| - re-patch CVE-2014-9636 - original patch was incorrect (#1184986) | ||||
| 
 | ||||
| * Tue Feb 10 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-19 | ||||
| - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread  | ||||
|   (#1174844) | ||||
|  | ||||