mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-11 22:33:29 +08:00
ad0bb50dc7
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Peter: add _IGNORE_CVES entry] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
0001-lib-getrandom.c-fix-build-with-uclibc-1.0.35.patch | ||
0002-Fix-boundary-checking-in-base-256-decoder.patch | ||
Config.in | ||
tar.hash | ||
tar.mk |