aboutsummaryrefslogtreecommitdiffstats
path: root/package/zlib/patches
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2005-07-11 20:26:57 +0000
committerFelix Fietkau <nbd@openwrt.org>2005-07-11 20:26:57 +0000
commit50d0001e66bb4f284fb5c032a1c05df0d49a5815 (patch)
tree78e74a68ff1be8e8ed5c79adbbb603c7ea9281c8 /package/zlib/patches
parentf7849e2020c813d2f5f521c7071bc3f1a48555f8 (diff)
downloadupstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.tar.gz
upstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.tar.bz2
upstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.zip
add a load of fixes from whiterussian to head
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1410 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/zlib/patches')
-rw-r--r--package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch
new file mode 100644
index 0000000000..b09ae6bfac
--- /dev/null
+++ b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch
@@ -0,0 +1,26 @@
+Name: CAN-2005-2096 (under review)
+Description:
+ Buffer overflow in zlib 1.2 and later versions allows remote attackers
+ to cause a denial of service (crash) via a crafted compressed stream, as
+ demonstrated using a crafted PNG file.
+
+References:
+ * DEBIAN:DSA-740
+ http://www.debian.org/security/2005/dsa-740
+ * REDHAT:RHSA-2005:569
+ http://www.redhat.com/support/errata/RHSA-2005-569.html
+
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
+
+diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c
+--- zlib-1.2.2-old/inftrees.c 2004-09-15 16:30:06.000000000 +0200
++++ zlib-1.2.2-new/inftrees.c 2005-07-08 21:18:58.000000000 +0200
+@@ -134,7 +134,7 @@
+ left -= count[len];
+ if (left < 0) return -1; /* over-subscribed */
+ }
+- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++ if (left > 0 && (type == CODES || max != 1))
+ return -1; /* incomplete set */
+
+ /* generate offsets into symbol table for each length for sorting */