summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/p7zip-CVE-2017-17969.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/p7zip-CVE-2017-17969.patch')
-rw-r--r--gnu/packages/patches/p7zip-CVE-2017-17969.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/gnu/packages/patches/p7zip-CVE-2017-17969.patch b/gnu/packages/patches/p7zip-CVE-2017-17969.patch
deleted file mode 100644
index 51c24000e5..0000000000
--- a/gnu/packages/patches/p7zip-CVE-2017-17969.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix CVE-2017-17969:
-
-https://sourceforge.net/p/p7zip/bugs/204/
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
-
-Patch copied from Debian.
-
-Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
-Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
-Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
-Bug: https://sourceforge.net/p/p7zip/bugs/204/
-Bug-Debian: https://bugs.debian.org/888297
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
-Author: Antoine Beaupré <anarcat@debian.org>
-Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2018-02-01
-Applied-Upstream: 18.00-beta
-
---- a/CPP/7zip/Compress/ShrinkDecoder.cpp
-+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
-@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
- {
- _stack[i++] = _suffixes[cur];
- cur = _parents[cur];
-+ if (cur >= kNumItems || i >= kNumItems)
-+ break;
- }
--
-+
-+ if (cur >= kNumItems || i >= kNumItems)
-+ break;
-+
- _stack[i++] = (Byte)cur;
- lastChar2 = (Byte)cur;
-
generated by cgit v1.2.3 (git 2.50.1) at 2025-10-24 18:17:25 +0000