summaryrefslogtreecommitdiff
path: root/meta/recipes-devtools/squashfs-tools/patches
AgeCommit message (Collapse)AuthorFiles
2013-11-20squashfs-tools: remove FILESEXTRAPATH and move patches directorySaul Wold4
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-12-14squashfs: fix CVE-2012-4025yanjun.zhu3
CQID:WIND00366813 Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> [YOCTO #3564] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-12-03squashfs: fix for CVE-2012-4024yanjun.zhu1
Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line or in an extract file) could exceed the 1024 byte sized targname allocated on the stack. Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. [YOCTO #3513] Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 18:41:55 +0000