diff options
author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-04-06 22:29:32 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-04-06 22:29:32 (EDT) |
commit | 18e25107a68466fce17790e9c8d7d7e667651f55 (patch) | |
tree | da92603d745f6da5500b8c216b86829f6fa829c1 /patches/03_bzip2recover-CVE-2016-3189.patch | |
parent | 6a0cf2652ca34bbf6dcc83d1d9d1dfdb32ebbd20 (diff) |
patches: Fix security vulnerabilities
Diffstat (limited to 'patches/03_bzip2recover-CVE-2016-3189.patch')
-rw-r--r-- | patches/03_bzip2recover-CVE-2016-3189.patch | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/patches/03_bzip2recover-CVE-2016-3189.patch b/patches/03_bzip2recover-CVE-2016-3189.patch new file mode 100644 index 0000000..d4d413c --- /dev/null +++ b/patches/03_bzip2recover-CVE-2016-3189.patch @@ -0,0 +1,15 @@ +Author: Jakub Martisko <jamartis@redhat.com> +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1319648 +Description: CVE-2016-3189 bzip2: heap use after free in bzip2recover + +diff -up ./bzip2recover.c.old ./bzip2recover.c +--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100 ++++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200 +@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; |