1 files changed, 32 insertions, 0 deletions

diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
new file mode 100644
index 0000000000..fad174b056
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
@@ -0,0 +1,32 @@
+Fix CVE-2017-5975:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+         return 0;               /* errno=ENOMEM; */
+     ___ struct zzip_file_header *header =
+         zzip_disk_entry_to_file_header(disk, entry);
++    if (!header)
++	{ free(item); return 0; }
+     /*  there is a number of duplicated information in the file header
+      *  or the disk entry block. Theoretically some part may be missing
+      *  that exists in the other, ... but we will prefer the disk entry.
+Index: zziplib-0.13.62/zzip/mmapped.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/mmapped.c
++++ zziplib-0.13.62/zzip/mmapped.c
+@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
+         (disk->buffer + zzip_disk_entry_fileoffset(entry));
+     if (disk->buffer > file_header || file_header >= disk->endbuf)
+         return 0;
++    if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
++        return 0;
+     return (struct zzip_file_header *) file_header;
+ }
+