rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Thu, 7 Sep 2017 16:58:38 +0000 (18:58 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Fri, 8 Sep 2017 09:15:08 +0000 (11:15 +0200)
commit	322599744ca76d6b69960dc37c3cf3baea5dab2c
tree	8777011a0d81672e8f324645cb5cd64e24f9988f	tree \| snapshot
parent	2a59db1bb079dfd7cb40ffff7ac1cd550ff6662e	commit \| diff

unrar: security bump to version 5.5.8

Fixes the following security issues:

CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
directory-traversal protection mechanism via vectors involving a symlink to
the . directory, a symlink to the .. directory, and a regular file.

CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the EncodeFileName::Decode call within the Archive::ReadHeader15
function.

CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
in the Unpack::Unpack20 function.

CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
the Unpack::LongLZ function.

For more details, see
http://www.openwall.com/lists/oss-security/2017/08/14/3

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/unrar/unrar.hash		diff \| blob \| history
package/unrar/unrar.mk		diff \| blob \| history