diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-07-04 05:22:49 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-07-04 05:44:10 -0400 |
| commit | 4463c0d2161f66c4ff0d52c50ff0a3a030686f1b (patch) | |
| tree | 3f1aba42fd040420a2ee6964d6a5ec134adeb8be /gnu/packages/patches/icecat-CVE-2015-2736.patch | |
| parent | 4cd86f5d52d6faac6668dc9853a5e5ecc9236ba9 (diff) | |
| download | guix-4463c0d2161f66c4ff0d52c50ff0a3a030686f1b.tar.gz | |
gnu: icecat: Fix CVE-2015-{2722,2724,2728,2733,2735,2736,2738,2739,2740,2743}.
* gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2735.patch, gnu/packages/patches/icecat-CVE-2015-2736.patch, gnu/packages/patches/icecat-CVE-2015-2738.patch, gnu/packages/patches/icecat-CVE-2015-2739.patch, gnu/packages/patches/icecat-CVE-2015-2740.patch, gnu/packages/patches/icecat-CVE-2015-2743.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2736.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-2736.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2736.patch b/gnu/packages/patches/icecat-CVE-2015-2736.patch new file mode 100644 index 0000000000..a59cc64d10 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-2736.patch @@ -0,0 +1,34 @@ +From 6daa986c7fdf27835a0f5d897c88f6b8dc42b8db Mon Sep 17 00:00:00 2001 +From: Andrea Marchesini <amarchesini@mozilla.com> +Date: Thu, 4 Jun 2015 15:04:10 +0100 +Subject: [PATCH] Bug 1167888 - Better string length check in + nsZipArchive::BuildFileList. r=smaug, a=dveditz + +--HG-- +extra : transplant_source : %5E6%3E%84%B6a%7F%1F%D21zGc%BD%E1%80%EF%0C%B5%F0 +--- + modules/libjar/nsZipArchive.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/modules/libjar/nsZipArchive.cpp b/modules/libjar/nsZipArchive.cpp +index cb3e5d0..f8af715 100644 +--- a/modules/libjar/nsZipArchive.cpp ++++ b/modules/libjar/nsZipArchive.cpp +@@ -617,8 +617,13 @@ MOZ_WIN_MEM_TRY_BEGIN + if (!centralOffset) + return NS_ERROR_FILE_CORRUPTED; + +- //-- Read the central directory headers + buf = startp + centralOffset; ++ ++ // avoid overflow of startp + centralOffset. ++ if (buf < startp) ++ return NS_ERROR_FILE_CORRUPTED; ++ ++ //-- Read the central directory headers + uint32_t sig = 0; + while (buf + int32_t(sizeof(uint32_t)) <= endp && + (sig = xtolong(buf)) == CENTRALSIG) { +-- +2.4.3 + |