projects / openwrt / staging / ynezz.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 701d25b) | patch
busybox: backport fix for CVE-2021-28831
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 2 May 2021 15:42:19 +0000 (17:42 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Tue, 4 May 2021 20:29:29 +0000 (22:29 +0200)
commita641502849091feebf5d41c2eaa9ac89e59b8127
tree505d6282214a319ded546a17a6866d58653fd256tree | snapshot
parent701d25b551144cacd5d7fd8024fd2e6c7c264b70commit | diff
busybox: backport fix for CVE-2021-28831

This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 13397b2b95b4800fb0a29c3d483fa280d10f0eb0)
package/utils/busybox/Makefile diff | blob | history
package/utils/busybox/patches/005-backport-CVE-2021-28831.patch [new file with mode: 0644] blob
Staging tree of Petr Stetiar