2 commits

Author SHA1 Message Date
Christian Weisgerber
cc8446f3ae Update to 2.12, but retain local fix for CVE-2015-1197. 2015-09-17 20:15:23 +00:00
Christian Weisgerber
22141a97fb CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker.

PR:		198954
Obtained from:	Debian
2015-03-31 14:29:26 +00:00