diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-04-15 17:48:37 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-04-16 18:02:14 +0200 |
commit | d0ee11b2f000c3c027fd8370bc2195266398444f (patch) | |
tree | d978992c603555f48ee6540ca5dd4a58ac3105d9 /gnu/packages/patches/sharutils-CVE-2018-1000097.patch | |
parent | 452454e30cfde183bb3b8954b844a9d6c9f81bcc (diff) | |
download | guix-d0ee11b2f000c3c027fd8370bc2195266398444f.tar.gz |
gnu: sharutils: Fix CVE-2018-1000097.
* gnu/packages/patches/sharutils-CVE-2018-1000097.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (sharutils)[source](patches): Use it.
Diffstat (limited to 'gnu/packages/patches/sharutils-CVE-2018-1000097.patch')
-rw-r--r-- | gnu/packages/patches/sharutils-CVE-2018-1000097.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/sharutils-CVE-2018-1000097.patch b/gnu/packages/patches/sharutils-CVE-2018-1000097.patch new file mode 100644 index 0000000000..8d58218184 --- /dev/null +++ b/gnu/packages/patches/sharutils-CVE-2018-1000097.patch @@ -0,0 +1,21 @@ +Fix CVE-2018-1000097: + +https://security-tracker.debian.org/tracker/CVE-2018-1000097 +https://nvd.nist.gov/vuln/detail/CVE-2018-1000097 + +Patch taken from upstream bug report: +https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html + +diff --git a/src/unshar.c b/src/unshar.c +index 80bc3a9..0fc3773 100644 +--- a/src/unshar.c ++++ b/src/unshar.c +@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start) + off_t position = ftello (file); + + /* Read next line, fail if no more and no previous process. */ +- if (!fgets (rw_buffer, BUFSIZ, file)) ++ if (!fgets (rw_buffer, rw_base_size, file)) + { + if (!start) + error (0, 0, _("Found no shell commands in %s"), name); |