Changelog for libmspack0-0.6-3.11.1.x86_64.rpm
* Wed Jul 14 2021 danilo.spinellaAATTsuse.com
- There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (CVE-2018-14679, bsc#1103032)
* libmspack-CVE-2018-14679.patch
- Bad KWAJ file header extensions could cause a one or two byte overwrite (CVE-2018-14681, bsc#1103032).
* libmspack-CVE-2018-14681.patch
- There is an off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682, bsc#1103032).
* Mon Nov 04 2019 kstreitovaAATTsuse.com
- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer overflow in chmd_read_headers(): a CHM file name beginning "::" but shorter than 33 bytes will lead to reading past the freshly-allocated name buffer - checks for specific control filenames didn't take length into account [bsc#1141680] [CVE-2019-1010305]
* Fri Mar 29 2019 mcalabkovaAATTsuse.com
- Enable build-time tests (bsc#1130489)
* Added patch libmspack-failing-tests.patch
* Fri Oct 26 2018 mcalabkovaAATTsuse.com
- Added patches:
* libmspack-resize-buffer.patch -- CAB block input buffer is one byte too small for maximal Quantum block.
* libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
* libmspack-reject-blank-filenames.patch -- Avoid returning CHM file entries that are "blank" because they have embedded null bytes.
* (the last two patches were modified by removing unneeded part in order to make them more independent)
- Fixed bugs:
* CVE-2018-18584 (bsc#1113038)
* CVE-2018-18585 (bsc#1113039)
* Fri Jan 19 2018 adam.majerAATTsuse.de
- Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018 jengelhAATTinai.de
- Correct SRPM group.
* Tue Jan 16 2018 mardnhAATTgmx.de
- Fix typo
* Mon Jan 15 2018 mardnhAATTgmx.de
- Update to version 0.6
* read_spaninfo(): a CHM file can have no ResetTable and have a negative length in SpanInfo, which then feeds a negative output length to lzxd_init(), which then sets frame_size to a value of your choosing, the lower 32 bits of output length, larger than LZX_FRAME_SIZE. If the first LZX block is uncompressed, this writes data beyond the end of the window. This issue was raised by ClamAV as CVE-2017-6419.
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the issue mentioned above, these functions now reject negative lengths
* cabd_read_string(): add missing error check on result of read(). If an mspack_system implementation returns an error, it's interpreted as a huge positive integer, which leads to reading past the end of the stack-based buffer. This issue was raised by ClamAV as CVE-2017-11423
- Add subpackage for helper tools
- Run spec-cleaner
* Fri Feb 27 2015 sbrabecAATTsuse.cz
- Remove problematic libmspack-qtmd_decompress-loop.patch (bnc#912214#c10). Version 0.5 has a correct fix dated 2015-01-05.
* Wed Feb 11 2015 p.drouandAATTgmail.com
- Update to version 0.5
* Please read the changelog; too many things to list
* Tue Jan 20 2015 sbrabecAATTsuse.cz
- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556, libmspack-qtmd_decompress-loop.patch).
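
The cabd_read_string() item in the 0.6 entry above describes a read() error being used as a length. The C sketch below is an added example, not libmspack's code: it shows how a -1 return turns into a huge scan limit, next to a checked reader for a stack buffer. The names read_fn, read_cstring, unchecked_scan_limit and NAME_MAX_LEN and the sample callbacks are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 256   /* assumed buffer size for this sketch */

/* Hypothetical I/O callback: returns bytes read, or -1 on error. */
typedef int (*read_fn)(void *ctx, void *buf, int bytes);

/* Constructed sample sources: failing, well-formed, and unterminated. */
int read_fail(void *ctx, void *buf, int bytes) {
    (void)ctx; (void)buf; (void)bytes;
    return -1;
}
int read_name(void *ctx, void *buf, int bytes) {
    const char *s = ctx;
    int n = (int)strlen(s) + 1;            /* include the terminator */
    if (n > bytes) n = bytes;
    memcpy(buf, s, (size_t)n);
    return n;
}
int read_unterminated(void *ctx, void *buf, int bytes) {
    (void)ctx;
    memset(buf, 'A', (size_t)bytes);
    return bytes;
}

/* Scan limit an unchecked caller ends up with: -1 becomes SIZE_MAX. */
size_t unchecked_scan_limit(int read_result) {
    return (size_t)read_result;
}

/* Checked form: 0 on success, -1 on read error, -2 if no usable string. */
int read_cstring(read_fn rd, void *ctx, char *out, size_t out_len) {
    char buf[NAME_MAX_LEN];
    int got = rd(ctx, buf, (int)sizeof buf);
    if (got <= 0 || (size_t)got > sizeof buf)
        return -1;                         /* error, EOF, or a lying callback */
    const char *nul = memchr(buf, '\0', (size_t)got);
    if (nul == NULL) return -2;            /* no terminator inside the data read */
    size_t len = (size_t)(nul - buf) + 1;
    if (len > out_len) return -2;          /* caller's buffer is too small */
    memcpy(out, buf, len);
    return 0;
}

int main(void) {
    char out[NAME_MAX_LEN];
    return read_cstring(read_fail, NULL, out, sizeof out) == -1 ? 0 : 1;
}
```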