[OpenWrt-Devel] [CC 15.05] unzip: Security update (2 CVEs)
jow at openwrt.org
jow at openwrt.org
Fri Nov 13 08:22:11 EST 2015
The unzip package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.
VERSION
6.0-2 => 6.0-3
CHANGELOG
[Sun, 1 Nov 2015 16:21:56 +0100 8a70dde]
Patch CVE-2015-7696, CVE-2015-7697 and integer underflow
CHANGES
utils/unzip/Makefile | 2 +-
.../005-CVE-2015-7696-heap-overflow.patch | 21 +++++++++++++++++
.../006-CVE-2015-7697-infinite-loop.patch | 15 ++++++++++++
...007-integer-underflow-csiz_decrypted.patch | 21 +++++++++++++++++
4 files changed, 58 insertions(+), 1 deletion(-)
REFERENCES
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
* https://github.com/openwrt/packages/commit/8a70ddefc782fd955080a6eba2cfc2578d057c6e
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list