Peter Korsgaard 0496e70976 package/tar: add upstream security patch for CVE-2022-48303
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad0bb50dc717a2d9568b73e0f4a509cf6044ffb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 08:55:04 +01:00