Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
source-code-fixes | fix header files | | no | | | 2012-05-31 |
64-bit-fixes | Patch to make it work on 64 bit. See news from 11 April 2011 on http://lclevy.free.fr/adflib/. Source: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=adflib_stdint_diff.txt;att=1;bug=458129 http://grimnorth.se/~noname/tmp/adflib_stdint_diff.txt Slightly modified (and removed the .depend files from the patches) | | no | | | |
add-hardening-flags-in-compiler-options | Add hardening flags in compiler options | Boris Pek <tehnick-8@mail.ru> | no | | | 2012-06-19 |
privacy-breach.patch | Remove monitoring from FAQ | Stephen Kitt <skitt@debian.org> | no | | | |
CVE-2016-1243_CVE-2016-1244 | Fix unsafe extraction by using mkdir() instead of shell command. This commit fixes following vulnerabilities: - CVE-2016-1243: stack buffer overflow caused by blindly trusting on pathname lengths of archived files. Stack allocated buffer sysbuf was filled with sprintf() without any bounds checking in extracTree() function. - CVE-2016-1244: execution of unsanitized input. Shell command used for creating directory paths was constructed by concatenating names of archived files to the end of the command string. So, if the user was tricked to extract a specially crafted .adf file, the attacker was able to execute arbitrary code with privileges of the user. This commit fixes both issues by 1) replacing mkdir shell commands with mkdir() function calls 2) removing redundant sysbuf buffer | Tuomas Räsänen <tuomasjjrasanen@tjjr.fi> | no | | | 2016-09-20 |