godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-08 02:09:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6063583ffdb950d69f3296fe78816943da41f9f
buildroot/package/cpio
History
Fabrice Fontaine 89857df2d1 package/cpio: fix CVE-2021-38185 
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-08-20 10:08:22 +02:00
..
0001-Minor-fix.patch
0002-Rewrite-dynamic-string-support.patch
package/cpio: fix CVE-2021-38185
2021-08-20 10:08:22 +02:00
0003-Fix-previous-commit.patch
package/cpio: fix CVE-2021-38185
2021-08-20 10:08:22 +02:00
Config.in
cpio.hash
cpio.mk
package/cpio: fix CVE-2021-38185
2021-08-20 10:08:22 +02:00