1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00
Files
Divya Chellam 68c9f9f449 zlib: fix CVE-2014-9485
Directory traversal vulnerability in the do_extract_currentfile
function in miniunz.c in miniunzip in minizip before 1.1-5 might
allow remote attackers to write to arbitrary files via a crafted
entry in a ZIP archive.

Reference:
https://security-tracker.debian.org/tracker/CVE-2014-9485

Upstream-patch:
https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01

(From OE-Core rev: 32c4b28fc06e39ab8ef86aebc5e1e1ae19934495)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-04 08:42:47 -07:00
..
2025-04-04 08:42:47 -07:00