Accepting request 48470 from home:vuntz:branches:Base:System
OBS-URL: https://build.opensuse.org/request/show/48470 OBS-URL: https://build.opensuse.org/package/show/Base:System/gzip?expand=0&rev=12
This commit is contained in:
Pavol Rusnak
committed by
Git OBS Bridge
Git OBS Bridge
parent
443c3baf68
commit
8cdc6a4ecc
20
gzip.changes
20
gzip.changes
@@ -1,3 +1,23 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Sep 19 09:48:02 CEST 2010 - vuntz@opensuse.org
|
||||
|
||||
- Update to version 1.4:
|
||||
+ gzip -d could segfault and/or clobber the stack, possibly
|
||||
leading to arbitrary code execution. This affects x86_64 but
|
||||
not 32-bit systems. This fixes CVE-2010-0001. See also
|
||||
rh#554418.
|
||||
+ gzip -d would fail with a CRC error for some valid inputs.
|
||||
So far, the only valid input known to exhibit this failure was
|
||||
compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In
|
||||
addition, to trigger the failure, your memcpy implementation
|
||||
must copy in the "reverse" order.
|
||||
- Drop gzip-CVE-2010-0001.diff: fixed upstream.
|
||||
- Remove AutoReqProv: it's default now.
|
||||
- Use %configure, %makeinstall, and %{_bindir}.
|
||||
- Update zdiff.diff: some of the patch is upstream now. It's
|
||||
unclear to me if the rest is still needed :/ So leaving it.
|
||||
- Rebase zgrep.diff.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
|
||||
|
||||
|
||||
Reference in New Issue
Block a user