diff options
| author | Armin Kuster <akuster@mvista.com> | 2016-07-16 16:04:13 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-20 10:24:56 +0100 |
| commit | 979c61e47d416b940ca53e22acffdacb2625cf89 (patch) | |
| tree | b575b870aadde2944e919c97741e4eb811040117 /meta/recipes-extended/bzip2/bzip2-1.0.6 | |
| parent | 5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e (diff) | |
| download | openembedded-core-979c61e47d416b940ca53e22acffdacb2625cf89.tar.gz openembedded-core-979c61e47d416b940ca53e22acffdacb2625cf89.tar.bz2 openembedded-core-979c61e47d416b940ca53e22acffdacb2625cf89.zip | |
bzip2: Security fix CVE-2016-3189
Affects bzip2 <= 1.0.6
CVSS v2 Base Score: 4.3 MEDIUM
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-extended/bzip2/bzip2-1.0.6')
| -rw-r--r-- | meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch new file mode 100644 index 0000000000..1d0c3a6dd3 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch @@ -0,0 +1,18 @@ +Upstream-Status: Backport +https://bugzilla.suse.com/attachment.cgi?id=681334 + +CVE: CVE-2016-3189 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: bzip2-1.0.6/bzip2recover.c +=================================================================== +--- bzip2-1.0.6.orig/bzip2recover.c ++++ bzip2-1.0.6/bzip2recover.c +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; |