]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 453c5c8) | patch
zlib: fix CVE-2014-9485
authorDivya Chellam <divya.chellam@windriver.com>
Thu, 27 Mar 2025 11:16:08 +0000 (11:16 +0000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 31 Mar 2025 16:13:54 +0000 (09:13 -0700)
commit32c4b28fc06e39ab8ef86aebc5e1e1ae19934495
tree6c86c933fb60c1d1fb63e6d6bc5fcc9294eb75f6tree | snapshot
parent453c5c8d9031be2b3a25e2a04e0f5f6325ef7298commit | diff
zlib: fix CVE-2014-9485

Directory traversal vulnerability in the do_extract_currentfile
function in miniunz.c in miniunzip in minizip before 1.1-5 might
allow remote attackers to write to arbitrary files via a crafted
entry in a ZIP archive.

Reference:
https://security-tracker.debian.org/tracker/CVE-2014-9485

Upstream-patch:
https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/zlib/zlib/CVE-2014-9485.patch [new file with mode: 0644] blob
meta/recipes-core/zlib/zlib_1.2.11.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib