diff options
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5979.patch')
| -rw-r--r-- | gnu/packages/patches/zziplib-CVE-2017-5979.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch new file mode 100644 index 0000000000..b38f50b172 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5979.patch @@ -0,0 +1,19 @@ +Fix CVE-2017-5979: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/fseeko.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/fseeko.c ++++ zziplib-0.13.62/zzip/fseeko.c +@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk) + return 0; + /* we read out chunks of 8 KiB in the hope to match disk granularity */ + ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */ +- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry)); ++ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry)); + if (! entry) + return 0; + ___ unsigned char *buffer = malloc(pagesize); |