0c5a8007fe
* gnu/packages/patches/zziplib-CVE-2017-5974.patch, gnu/packages/patches/zziplib-CVE-2017-5975.patch, gnu/packages/patches/zziplib-CVE-2017-5976.patch, gnu/packages/patches/zziplib-CVE-2017-5978.patch, gnu/packages/patches/zziplib-CVE-2017-5979.patch, gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/zip.scm (zziplib)[source]: Use them.
Fix CVE-2017-5981:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
Patch copied from Debian.
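Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
 } else
 continue;
 
- assert(0 <= root && root < mapsize);
+ if (root < 0 || root >= mapsize)
+ goto error;
 if (fseeko(disk, root, SEEK_SET) == -1)
 goto error;
 if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)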
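Review bot: The new `if (root < 0 || root >= mapsize)` check has no comment explaining why it is a run-time test rather than an assertion, and a later cleanup could turn it back into one. I would add above it `/* root is presumably taken from the archive's directory data, so reject it at run time: assert() is compiled out under NDEBUG and aborts the process otherwise */`. The check only requires `root` to be below `mapsize`, while the `fread` that follows needs `sizeof(*disk_(entry))` bytes from that offset. The comparison of the `fread` result is cut off at the end of the hunk, so confirm that a short read near the end of the file also goes to `error`. zzip_entry_findfirst starts and ends outside this hunk, so it is not visible whether the `error` label reports a malformed archive any differently from a failed `fseeko`.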