summaryrefslogtreecommitdiff
path: root/meta/lib/oeqa/selftest/buildhistory.py
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2015-04-29 08:53:35 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-07-20 20:53:08 +0100
commit7c667c6aa0302649c125b0325a2e6f641810cb09 (patch)
tree073851dbd108e619544a54674c19cfd3f18578dd /meta/lib/oeqa/selftest/buildhistory.py
parentf4953004ec26c97fb696854f8e31d36b8bbeb8bf (diff)
downloadopenembedded-core-7c667c6aa0302649c125b0325a2e6f641810cb09.tar.gz
openembedded-core-7c667c6aa0302649c125b0325a2e6f641810cb09.tar.bz2
openembedded-core-7c667c6aa0302649c125b0325a2e6f641810cb09.zip
unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315 Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. (From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/lib/oeqa/selftest/buildhistory.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 17:24:50 +0000