From 50d0001e66bb4f284fb5c032a1c05df0d49a5815 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 11 Jul 2005 20:26:57 +0000 Subject: add a load of fixes from whiterussian to head git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1410 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../zlib/patches/zlib-1.2.2-CAN-2005-2096.patch | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch (limited to 'package/zlib') diff --git a/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch new file mode 100644 index 0000000000..b09ae6bfac --- /dev/null +++ b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch @@ -0,0 +1,26 @@ +Name: CAN-2005-2096 (under review) +Description: + Buffer overflow in zlib 1.2 and later versions allows remote attackers + to cause a denial of service (crash) via a crafted compressed stream, as + demonstrated using a crafted PNG file. + +References: + * DEBIAN:DSA-740 + http://www.debian.org/security/2005/dsa-740 + * REDHAT:RHSA-2005:569 + http://www.redhat.com/support/errata/RHSA-2005-569.html + + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 + +diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c +--- zlib-1.2.2-old/inftrees.c 2004-09-15 16:30:06.000000000 +0200 ++++ zlib-1.2.2-new/inftrees.c 2005-07-08 21:18:58.000000000 +0200 +@@ -134,7 +134,7 @@ + left -= count[len]; + if (left < 0) return -1; /* over-subscribed */ + } +- if (left > 0 && (type == CODES || (codes - count[0] != 1))) ++ if (left > 0 && (type == CODES || max != 1)) + return -1; /* incomplete set */ + + /* generate offsets into symbol table for each length for sorting */ -- cgit v1.2.3