db41b7577d
Upstream has a few more CVEs but didn't make a new release yet.
In the meantime we patch what we can
Fixes:
- CVE-2017-8842
- CVE-2017-8844
- CVE-2017-8845
- CVE-2018-5650
The CVEs left remaining to be fixed by upstream are
( Removed CVE- prefix as to not confuse tools that grep for those
values)
CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
24 lines
728 B
Diff
24 lines
728 B
Diff
From 38386bd482c0a8102a79958cb3eddcb97a167ca3 Mon Sep 17 00:00:00 2001
|
|
From: Con Kolivas <kernel@kolivas.org>
|
|
Date: Fri, 9 Mar 2018 17:39:40 +1100
|
|
Subject: [PATCH] CVE-2017-8842 Fix divide-by-zero in bufRead::get
|
|
|
|
---
|
|
libzpaq/libzpaq.h | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/libzpaq/libzpaq.h b/libzpaq/libzpaq.h
|
|
index 93387da..cbe211d 100644
|
|
--- a/libzpaq/libzpaq.h
|
|
+++ b/libzpaq/libzpaq.h
|
|
@@ -465,7 +465,8 @@ struct bufRead: public libzpaq::Reader {
|
|
|
|
int get() {
|
|
if (progress && !(*s_len % 128)) {
|
|
- int pct = (total_len - *s_len) * 100 / total_len;
|
|
+ int pct = (total_len > 0) ?
|
|
+ (total_len - *s_len) * 100 / total_len : 100;
|
|
|
|
if (pct / 10 != *last_pct / 10) {
|
|
int i;
|
|
|