Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorNils Freydank <holgersson@posteo.de>2017-10-20 22:42:32 +0200
committerAllan McRae <allan@archlinux.org>2017-12-07 14:59:26 +1000
commitad0517d3711b6826cd7a95b99beb36ccd072c2e0 (patch)
tree00d0b319c56437d9992f5381c64ed59951bc9319 /NEWS
parent44f3a157983e903f926b4f11ddb3f57d111e60f9 (diff)
Fix CVE-2016-5434 (DoS/loop and out of boundary read)
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using functions instead of macros. (Thanks to Tobias for explanations of his patch.) A short question on Freenode IRC showed that macros are generally discouraged and functions should be used. The patch introduces a static size_t length_check() in libalpm/signing.c. [1] Original patch: https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html CVE request (and assignment): http://seclists.org/oss-sec/2016/q2/526 Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'NEWS')
0 files changed, 0 insertions, 0 deletions

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.