summaryrefslogtreecommitdiffstats
path: root/patches/03_bzip2recover-CVE-2016-3189.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches/03_bzip2recover-CVE-2016-3189.patch')
-rw-r--r--patches/03_bzip2recover-CVE-2016-3189.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/patches/03_bzip2recover-CVE-2016-3189.patch b/patches/03_bzip2recover-CVE-2016-3189.patch
new file mode 100644
index 0000000..d4d413c
--- /dev/null
+++ b/patches/03_bzip2recover-CVE-2016-3189.patch
@@ -0,0 +1,15 @@
+Author: Jakub Martisko <jamartis@redhat.com>
+Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1319648
+Description: CVE-2016-3189 bzip2: heap use after free in bzip2recover
+
+diff -up ./bzip2recover.c.old ./bzip2recover.c
+--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100
++++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200
+@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
generated by cgit v0.9.1 at 2024-05-06 12:57:51 (EDT)