me/guix
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues or pull requests.
guix/gnu/packages/patches/zziplib-CVE-2017-5981.patch
Leo Famulari 0c5a8007fe
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}. 
* gnu/packages/patches/zziplib-CVE-2017-5974.patch,
gnu/packages/patches/zziplib-CVE-2017-5975.patch,
gnu/packages/patches/zziplib-CVE-2017-5976.patch,
gnu/packages/patches/zziplib-CVE-2017-5978.patch,
gnu/packages/patches/zziplib-CVE-2017-5979.patch,
gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (zziplib)[source]: Use them.
2017-06-15 11:12:02 -04:00

19 lines
651 B
Diff
Raw Blame History

Fix CVE-2017-5981:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
Patch copied from Debian.
Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
} else
continue;
- assert(0 <= root && root < mapsize);
+ if (root < 0 || root >= mapsize)
+ goto error;
if (fseeko(disk, root, SEEK_SET) == -1)
goto error;
if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)
View git blame Copy permalink