aboutsummaryrefslogtreecommitdiff
path: root/debian/CODE-REDUCTION_CLEANUP-BRUTAL
diff options
context:
space:
mode:
authorJoerg Sonnenberger <joerg@britannica.bec.de>2011-08-21 18:51:53 +0200
committerMihai Moldovan <ionic@ionic.de>2015-02-16 06:16:41 +0100
commit6acafc9334828da22446380c81af81bde14b5d86 (patch)
tree5067b7b4ffa5511cea999ebba976a1890a9d5340 /debian/CODE-REDUCTION_CLEANUP-BRUTAL
parentb04f11915e29d9563d279e1326f61b50ea414dba (diff)
downloadnx-libs-6acafc9334828da22446380c81af81bde14b5d86.tar.gz
nx-libs-6acafc9334828da22446380c81af81bde14b5d86.tar.bz2
nx-libs-6acafc9334828da22446380c81af81bde14b5d86.zip
Do proper input validation to fix for CVE-2011-2895.
It ensures that all valid input can be decompressed, checks that the overflow conditions doesn't happen and generally tightens the validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. v2: backports to nx-libs 3.6.x (Mihai Moldovan) Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com>
Diffstat (limited to 'debian/CODE-REDUCTION_CLEANUP-BRUTAL')
0 files changed, 0 insertions, 0 deletions