[Buildroot] [PATCH 4/5] package/unzip: add UNZIP_IGNORE_CVES entries

Fabrice Fontaine fontaine.fabrice at gmail.com
Sun Jan 17 17:52:07 UTC 2021


Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/unzip/unzip.mk | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/package/unzip/unzip.mk b/package/unzip/unzip.mk
index 5efe5bcd09..9eff5e0639 100644
--- a/package/unzip/unzip.mk
+++ b/package/unzip/unzip.mk
@@ -31,4 +31,31 @@ UNZIP_PATCH = \
 	https://sources.debian.org/data/main/u/unzip/6.0-26/debian/patches/25-cve-2019-13232-fix-bug-in-uzbunzip2.patch \
 	https://sources.debian.org/data/main/u/unzip/6.0-26/debian/patches/26-cve-2019-13232-fix-bug-in-uzinflate.patch
 
+# 07-increase-size-of-cfactorstr.patch
+UNZIP_IGNORE_CVES += CVE-2018-18384
+# 09-cve-2014-8139-crc-overflow.patch
+UNZIP_IGNORE_CVES += CVE-2014-8139
+# 10-cve-2014-8140-test-compr-eb.patch
+UNZIP_IGNORE_CVES += CVE-2014-8140
+# 11-cve-2014-8141-getzip64data.patch
+UNZIP_IGNORE_CVES += CVE-2014-8141
+# 12-cve-2014-9636-test-compr-eb.patch
+UNZIP_IGNORE_CVES += CVE-2014-9636
+# 14-cve-2015-7696.patch
+UNZIP_IGNORE_CVES += CVE-2015-7696
+# 15-cve-2015-7697.patch
+UNZIP_IGNORE_CVES += CVE-2015-7697
+# 18-cve-2014-9913-unzip-buffer-overflow
+UNZIP_IGNORE_CVES += CVE-2014-9913
+# 19-cve-2016-9844-zipinfo-buffer-overflow.patch
+UNZIP_IGNORE_CVES += CVE-2016-9844
+# 20-cve-2018-1000035-unzip-buffer-overflow.patch
+UNZIP_IGNORE_CVES += CVE-2018-1000035
+# 22-cve-2019-13232-fix-bug-in-undefer-input.patch
+# 23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
+# 24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch
+# 25-cve-2019-13232-fix-bug-in-uzbunzip2.patch
+# 26-cve-2019-13232-fix-bug-in-uzinflate.patch
+UNZIP_IGNORE_CVES += CVE-2019-13232
+
 $(eval $(cmake-package))
-- 
2.29.2



More information about the buildroot mailing list