diff options
author | Felix Fietkau <nbd@openwrt.org> | 2005-07-11 20:26:57 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2005-07-11 20:26:57 +0000 |
commit | 50d0001e66bb4f284fb5c032a1c05df0d49a5815 (patch) | |
tree | 78e74a68ff1be8e8ed5c79adbbb603c7ea9281c8 /package/zlib/patches | |
parent | f7849e2020c813d2f5f521c7071bc3f1a48555f8 (diff) | |
download | upstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.tar.gz upstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.tar.bz2 upstream-50d0001e66bb4f284fb5c032a1c05df0d49a5815.zip |
add a load of fixes from whiterussian to head
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1410 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/zlib/patches')
-rw-r--r-- | package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch new file mode 100644 index 0000000000..b09ae6bfac --- /dev/null +++ b/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch @@ -0,0 +1,26 @@ +Name: CAN-2005-2096 (under review) +Description: + Buffer overflow in zlib 1.2 and later versions allows remote attackers + to cause a denial of service (crash) via a crafted compressed stream, as + demonstrated using a crafted PNG file. + +References: + * DEBIAN:DSA-740 + http://www.debian.org/security/2005/dsa-740 + * REDHAT:RHSA-2005:569 + http://www.redhat.com/support/errata/RHSA-2005-569.html + + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 + +diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c +--- zlib-1.2.2-old/inftrees.c 2004-09-15 16:30:06.000000000 +0200 ++++ zlib-1.2.2-new/inftrees.c 2005-07-08 21:18:58.000000000 +0200 +@@ -134,7 +134,7 @@ + left -= count[len]; + if (left < 0) return -1; /* over-subscribed */ + } +- if (left > 0 && (type == CODES || (codes - count[0] != 1))) ++ if (left > 0 && (type == CODES || max != 1)) + return -1; /* incomplete set */ + + /* generate offsets into symbol table for each length for sorting */ |