Overview

File _patchinfo of Package patchinfo.290

<patchinfo incident="290">
  <issue id="909214" tracker="bnc">CVE-2014-8139: input sanitization errors</issue>
  <issue id="CVE-2014-8139" tracker="cve" />
  <issue id="CVE-2014-8141" tracker="cve" />
  <issue id="CVE-2014-8140" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>netsroth</packager>
  <description>
  This update fixes the following security issues:

- CVE-2014-8139: fix heap overflow condition in
  the CRC32 verification (fixes bnc#909214)
- CVE-2014-8140 and CVE-2014-8141: fix write error
  (*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
  read errors (*_6430_*, *_3422_*) show problems in
  process.c:getZip64Data() (fixes bnc#909214)

</description>
  <summary>Security update for unzip</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places