diff options
author | Mikle Kolyada <zlogene@gentoo.org> | 2018-05-15 17:35:44 +0300 |
---|---|---|
committer | Mikle Kolyada <zlogene@gentoo.org> | 2018-05-15 17:35:44 +0300 |
commit | f54c143b292c20929b654915b198afa2f7f6126f (patch) | |
tree | 5dfbb33eaa8919121ab7c70de0bded2daa52c2c0 /net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch | |
parent | net-misc/wget: arm/m68k/ppc/ppc64/s390/sh stable wrt bug #655216 (diff) | |
download | gentoo-f54c143b292c20929b654915b198afa2f7f6126f.tar.gz gentoo-f54c143b292c20929b654915b198afa2f7f6126f.tar.bz2 gentoo-f54c143b292c20929b654915b198afa2f7f6126f.zip |
net-misc/wget: Old vuln. versions are now gone
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Diffstat (limited to 'net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch')
-rw-r--r-- | net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch b/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch deleted file mode 100644 index f961741aa288..000000000000 --- a/net-misc/wget/files/wget-1.19.1-CVE-2017-13089.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 3dbc2e06ad487862c2fcc64d4891ff8aeb254bad Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> -Date: Fri, 20 Oct 2017 10:59:38 +0200 -Subject: [PATCH 1/2] Fix stack overflow in HTTP protocol handling - (CVE-2017-13089) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -* src/http.c (skip_short_body): Return error on negative chunk size - -Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint -Reported-by: Juhani Eronen from Finnish National Cyber Security Centre ---- - src/http.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/http.c b/src/http.c -index 55367688..dc318231 100644 ---- a/src/http.c -+++ b/src/http.c -@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) - remaining_chunk_size = strtol (line, &endl, 16); - xfree (line); - -+ if (remaining_chunk_size < 0) -+ return false; -+ - if (remaining_chunk_size == 0) - { - line = fd_read_line (fd); --- -2.15.0.rc1 - |