| side by side (parent:
7fb403b
)
fix for CVE-2010-0001
beta
debian/1.3.12-9
author
Bdale Garbee
<bdale@gag.com>
Wed, 20 Jan 2010 18:45:06 +0000
(07:45 +1300)
committer
Bdale Garbee
<bdale@gag.com>
Wed, 20 Jan 2010 18:45:06 +0000
(07:45 +1300)
debian/changelog
unlzw.c
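--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-gzip (1.3.12-9) UNRELEASED; urgency=low
+gzip (1.3.12-9) unstable; urgency=high
+ * fix applied for CVE-2010-0001 which identified an integer underflow when
+ decompressing files that are compressed using the LZW algorithm. This
+ could lead to the execution of arbitrary code when trying to decompress
+ a crafted LZW compressed gzip archive.
 * switch to using dh_lintian for override delivery
- -- Bdale Garbee <bdale@gag.com> Thu, 18 Jun 2009 14:15:42 -0600
+ -- Bdale Garbee <bdale@gag.com> Thu, 21 Jan 2010 07:38:41 +1300
 gzip (1.3.12-8) unstable; urgency=low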
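--- a/unlzw.c
+++ b/unlzw.c
@@ -248,7 +248,8 @@ int unlzw(in, out)
 int o;
 resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
 for (i = 0 ; i < e ; ++i) {
 inbuf[i] = inbuf[i+o];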
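Review bot: The new clamp `e = o <= insize ? insize - o : 0;` under `resetbuf:` carries no comment explaining why it exists, so a later cleanup could fold it back into the one-line form that underflowed. I would add above it `/* posbits>>3 can exceed insize on crafted input; clamp so the subtraction cannot underflow (CVE-2010-0001) */`. The comparison mixes `int o` with `insize`, whose declaration is outside the hunk; if `insize` is unsigned the test is evaluated in unsigned arithmetic, and the comment should say that this is intended. The clamp also carries on silently when the bit position lies past the buffered data. Whether unlzw later reports such a stream as corrupt cannot be confirmed here, because the rest of the loop and the function body are outside the hunk.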