[3.1] xdelta3: buffer overflow in main_get_appheader (CVE-2014-9765)
A buffer overflow vulnerability in xdelta3 was reported,
allowing arbitrary code execution from input files on some systems.
Fixed In Version:
xdelta3 3.0.9 and later
References:
http://seclists.org/oss-sec/2016/q1/294
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9765
(from redmine: issue id 5151, created on 2016-02-22, closed on 2016-02-22)
- Relations:
- parent #5150 (closed)
- Changesets:
- Revision b2908b33 on 2016-02-22T14:33:25Z:
main/xdelta3: security upgrade to 3.0.11 (CVE-2014-9765). Fixes #5151