sharutils: add patch for CVE-2018-1000097
This commit is contained in:
Helmut Pozimski
Leah Neukirchen
parent
bbfe8e1c82
commit
f4ae478fa2
2 changed files with 16 additions and 1 deletions
15
srcpkgs/sharutils/patches/CVE-2018-1000097.patch
Normal file
15
srcpkgs/sharutils/patches/CVE-2018-1000097.patch
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
From: Petr Pisar
|
||||
Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
|
||||
Bug-Debian: https://bugs.debian.org/893525
|
||||
|
||||
--- src/unshar.c
|
||||
+++ src/unshar.c
|
||||
@@ -240,7 +240,7 @@
|
||||
off_t position = ftello (file);
|
||||
|
||||
/* Read next line, fail if no more and no previous process. */
|
||||
- if (!fgets (rw_buffer, BUFSIZ, file))
|
||||
+ if (!fgets (rw_buffer, rw_base_size, file))
|
||||
{
|
||||
if (!start)
|
||||
error (0, 0, _("Found no shell commands in %s"), name);
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'sharutils'
|
||||
pkgname=sharutils
|
||||
version=4.15.2
|
||||
revision=1
|
||||
revision=2
|
||||
build_style=gnu-configure
|
||||
hostmakedepends="perl"
|
||||
short_desc="Makes so-called shell archives out of many files"
|
||||
|
|
|
|||
Loading…
Reference in a new issue