Package: zoo / 2.10-27
Metadata
Package | Version | Patches format |
---|---|---|
zoo | 2.10-27 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01 old fixes.patch | (download) |
ar.h |
3 3 + 0 - 0 ! |
old fixes, that were made before this package has changed to use dpatch. |
02 traversal directory.patch | (download) |
portable.c |
35 35 + 0 - 0 ! |
patch to solve problem with "directory traversal bug" cve id can-2005-2349 |
03 fix manage archive under AMD64.patch | (download) |
makefile |
5 5 + 0 - 0 ! |
patch to solve problems managing files under amd64 and maybe under others 64 archs. |
04 fix fullpath buffer overflow.patch | (download) |
misc.c |
5 4 + 1 - 0 ! |
fix "fullpath()" file name handling buffer overflow, can-2006-0855 |
05 CVE 2006 1269.patch | (download) |
parse.c |
2 1 + 1 - 0 ! |
buffer overflow during archive creation cve-2006-1269 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426 A buffer overflow bug exists in zoo which is triggered during archive creation. This issue is borderline a bug as it's really only a problem if someone is creating a zoo archive on a directory full of files controlled by a local attacker. |
06 CVE 2007 1673.patch | (download) |
zooext.c |
9 9 + 0 - 0 ! |
multiple vendors zoo file decompression infinite loop dos http://archives.neohapsis.com/archives/bugtraq/2007-05/0046.html . It's possible to make the ZOO implementation to enter in an infinite loop condition. The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. Those structures are linked between themselves with a 'next' pointer. This pointer is in fact an offset from the beginning of the file, representing the next direntry structure. By specifying an already processed file, it's possible to process more than one time this same file. The ZOO parser will then enter an infinite loop condition. |
07 ms help reduce outputted newlines in help.patch | (download) |
zoo.c |
11 5 + 6 - 0 ! |
reduce newlines outputted in help screens There are huge gaps between the help screen (extra empty lines). The following patch minimizes them. |
08 wait return comment out.patch | (download) |
zoo.c |
2 2 + 0 - 0 ! |
disable 'hit return to continue' screens The requirement to press RET key are not very confortable. The following patch removed the requirement to press a key to next screen, so that the output can be fed to less(1) etc. |
10 printf.patch | (download) |
zoolist.c |
8 4 + 4 - 0 ! |
fix missing format strings |
12 printf.patch | (download) |
zooadd.c |
2 1 + 1 - 0 ! |
fix missing format strings |
14 printf.patch | (download) |
zoo.c |
14 7 + 7 - 0 ! |
fix missing format strings |
20 makefile.patch | (download) |
makefile |
10 7 + 3 - 0 ! |
enabled hardened build flags through dpkg-buildflags |