|Index||index by Group||index by Distribution||index by Vendor||index by creation date||index by Name||Mirrors||Help||Search|
|Name: libmspack0||Distribution: openSUSE Leap 15.2|
|Version: 0.6||Vendor: openSUSE|
|Release: lp152.5.1||Build date: Mon Jun 1 12:13:13 2020|
|Group: System/Libraries||Build host: obs-arm-5|
|Size: 126636||Source RPM: libmspack-0.6-lp152.5.1.src.rpm|
|Summary: Library That Implements Different Microsoft Compressions|
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. Currently the most common formats are implemented.
* Mon Nov 04 2019 Kristyna Streitova <email@example.com> - add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer overflow in chmd_read_headers(): a CHM file name beginning "::" but shorter than 33 bytes will lead to reading past the freshly-allocated name buffer - checks for specific control filenames didn't take length into account [bsc#1141680] [CVE-2019-1010305] * Fri Mar 29 2019 Marketa Calabkova <firstname.lastname@example.org> - Enable build-time tests (bsc#1130489) * Added patch libmspack-failing-tests.patch * Fri Oct 26 2018 Marketa Calabkova <email@example.com> - Added patches: * libmspack-resize-buffer.patch -- CAB block input buffer is one byte too small for maximal Quantum block. * libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. * libmspack-reject-blank-filenames.patch -- Avoid returning CHM file entries that are "blank" because they have embedded null bytes. * (the last two patches were modified by removing unneeded part in order to make them more independent) - Fixed bugs: * CVE-2018-18584 (bsc#1113038) * CVE-2018-18585 (bsc#1113039) * Fri Jan 19 2018 firstname.lastname@example.org - Correct mspack-tools group to Productivity/File utilities * Tue Jan 16 2018 email@example.com - Correct SRPM group. * Tue Jan 16 2018 firstname.lastname@example.org - Fix typo * Mon Jan 15 2018 email@example.com - Update to version 0.6 * read_spaninfo(): a CHM file can have no ResetTable and have a negative length in SpanInfo, which then feeds a negative output length to lzxd_init(), which then sets frame_size to a value of your choosing, the lower 32 bits of output length, larger than LZX_FRAME_SIZE. If the first LZX block is uncompressed, this writes data beyond the end of the window. This issue was raised by ClamAV as CVE-2017-6419. * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the issue mentioned above, these functions now reject negative lengths * cabd_read_string(): add missing error check on result of read(). If an mspack_system implementation returns an error, it's interpreted as a huge positive integer, which leads to reading past the end of the stack-based buffer. This issue was raised by ClamAV as CVE-2017-11423 - Add subpackage for helper tools - Run spec-cleaner * Fri Feb 27 2015 firstname.lastname@example.org - Remove problematic libmspack-qtmd_decompress-loop.patch (bnc#912214#c10). Version 0.5 has a correct fix dated 2015-01-05. * Wed Feb 11 2015 email@example.com - Update to version 0.5 * Please read the changelog; too many things to list * Tue Jan 20 2015 firstname.lastname@example.org - Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556, libmspack-qtmd_decompress-loop.patch).
/usr/lib/libmspack.so.0 /usr/lib/libmspack.so.0.1.0 /usr/share/doc/packages/libmspack0 /usr/share/doc/packages/libmspack0/AUTHORS /usr/share/doc/packages/libmspack0/COPYING.LIB /usr/share/doc/packages/libmspack0/ChangeLog /usr/share/doc/packages/libmspack0/README /usr/share/doc/packages/libmspack0/TODO
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Sep 9 12:22:30 2023