Overview
Request 453671 accepted
- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
This patch (from upstream, rebased) prevents an OOB heap buffer
read which could allow attackers to obtain sensitive information
from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).
- Fixed CVE-2017-5209 and boo#1019531: The base64decode function
in base64.c allows attackers to obtaiin sensitive info from
process memory or cause a denial of service (buffer over-read)
via split encoded Apple Property List data.
- Added patch CVE-2017-5209.patch
* Rework base64decode to handle spliti encoded data correctly
* The credit goes to Nikias Bassen <nikias@gmx.li>, here's just
a backport of the upstream commit
- Created by alarrosa
- In state accepted
- Open review for hardware / libplist
Request History
alarrosa created request
- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
This patch (from upstream, rebased) prevents an OOB heap buffer
read which could allow attackers to obtain sensitive information
from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).
- Fixed CVE-2017-5209 and boo#1019531: The base64decode function
in base64.c allows attackers to obtaiin sensitive info from
process memory or cause a denial of service (buffer over-read)
via split encoded Apple Property List data.
- Added patch CVE-2017-5209.patch
* Rework base64decode to handle spliti encoded data correctly
* The credit goes to Nikias Bassen <nikias@gmx.li>, here's just
a backport of the upstream commit
maintbot added libplist as a reviewer
Submission for libplist by someone who is not maintainer in the devel project (hardware). Please review
maintbot accepted review
accepted
AndreasStieger moved maintenance target to openSUSE:Maintenance:6313
AndreasStieger accepted request
start update