Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | bzip2: Fix CVE-2016-3189 | Sascha Hauer | 2017-06-07 | 3 | -3/+27 |
| | | | | | | | | | | | | | | Fixes: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. https://security-tracker.debian.org/tracker/CVE-2016-3189 While at it, regenerate the first patch to apply cleanly. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> | ||||
* | bzip2: version bump 1.0.5 -> 1.0.6 | Robert Schwebel | 2014-01-17 | 2 | -0/+211 |
This new version fixes a security issue: CVE-2010-0405. Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> |