Commit ebda3e09 authored by Chris Lamb, committed by Raphaël Hertzog

Import Debian changes 3.0.4-3+wheezy5+deb7u1

libarchive (3.0.4-3+wheezy5+deb7u1) wheezy-security; urgency=high

  * CVE-2017-5601: Fix a heap buffer overflow reported in Secunia SA74169.
    (Closes: #853278)
parent 2f592fe4
libarchive (3.0.4-3+wheezy5+deb7u1) wheezy-security; urgency=high
* CVE-2017-5601: Fix a hheap buffer overflow reported in Secunia SA74169.
(Closes: #853278)
-- Chris Lamb <lamby@debian.org> Tue, 31 Jan 2017 20:38:08 +1300
libarchive (3.0.4-3+wheezy5) wheezy-security; urgency=high
* Non-maintainer upload by the LTS Team.
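Review bot: typo in the new changelog entry for 3.0.4-3+wheezy5+deb7u1, on the CVE-2017-5601 line: "hheap buffer overflow" should read "heap buffer overflow". The changelog text is what ends up in the published package, so it is worth correcting before upload.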
......
Description: Fail with negative lha->compsize in lha_read_file_header_1()
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -959,6 +959,9 @@
/* Get a real compressed file size. */
lha->compsize -= extdsize - 2;
+ if (lha->compsize < 0)
+ goto invalid; /* Invalid compressed file size */
+
if (sum_calculated != headersum) {
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
"LHa header sum error");
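Review bot: the added "if (lha->compsize < 0) goto invalid;" depends on two things that are not visible in this hunk, and both should be confirmed. First, the "invalid" label lies outside the context shown, so check that this path sets an archive error and returns a failure to the caller instead of continuing with the negative size. Second, the comparison only catches the bad value if lha->compsize is a signed type; if it were unsigned, the subtraction "lha->compsize -= extdsize - 2" would wrap and the test would never fire. Placing the check directly after the subtraction and before the header sum comparison is sensible. A regression test using a level 1 header whose extended header size exceeds the stored compressed size would keep lha_read_file_header_1() from regressing.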
......@@ -30,3 +30,4 @@ CVE-2016-5418/Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch
CVE-2016-8687.patch
CVE-2016-8688.patch
CVE-2016-8689.patch
CVE-2017-5601.patch