review.tizen.org Git - platform/upstream/libxml2.git/commit

projects / platform / upstream / libxml2.git / commit

author	Nick Wellnhofer <wellnhofer@aevum.de>
	Mon, 30 Jul 2018 11:14:11 +0000 (13:14 +0200)
committer	Hyunjee Kim <hj0426.kim@samsung.com>
	Mon, 18 Nov 2019 03:16:12 +0000 (12:16 +0900)
commit	635ef8dfd263636823d0cfdafdffb27bf015ff27
tree	ec157b8d7515581ec0906a28e72c4ea427181fb7	tree \| snapshot
parent	08fa200b5e50edd752f35f20d7488182fc1e1497	commit \| diff

[CVE-2018-9251][CVE-2018-14567] Fix infinite loop in LZMA decompression

Check the liblzma error code more thoroughly to avoid infinite loops.

Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914

This is CVE-2018-9251 and CVE-2018-14567.

Thanks to Dongliang Mu and Simon Wörner for the reports.

Change-Id: I99c24f76dc075e8ad9b1fd29f563e5fec355485c
Signed-off-by: Hyunjee Kim <hj0426.kim@samsung.com>

xzlib.c

diff | blob | history

Domain: System / Base;

RSS Atom