Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-12-09 | CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiB | Julian Andres Klode | |
Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes. | |||
2019-05-06 | Merge libapt-inst into libapt-pkg | Julian Andres Klode | |