path: root/contrib/minizip/miniunz.c
Commit message | Author | Age | Files | Lines
* Neutralize zip file traversal attacks in miniunz. | Matt Wilson | 2024-01-17 | 1 | -0/+14
    Archive formats such as .zip files are generally susceptible to so-called "traversal attacks". This allows an attacker to craft an archive that writes to unexpected locations of the file system (e.g., /etc/shadow) if an unsuspecting root user were to unpack a malicious archive.

    This patch neutralizes absolute paths such as /tmp/moo and deeply relative paths such as dummy/../../../../../../../../../../tmp/moo

    The Debian project requested CVE-2014-9485 be allocated for the first identified weakness. The fix was incomplete, resulting in a revised patch applied here. Since there wasn't an updated version released by Debian with the incomplete fix, I suggest we use this CVE to identify both issues.

    Link: https://security.snyk.io/research/zip-slip-vulnerability
    Link: https://bugs.debian.org/774321
    Link: https://bugs.debian.org/776831
    Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
    Reported-by: Jakub Wilk <jwilk@debian.org>
    Fixed-by: Michael Gilbert <mgilbert@debian.org>
* Correct case of MSDOS in contrib/minizip/miniunz.c. | William Leara | 2024-01-17 | 1 | -1/+1
* Update miniunz version. | tbeu | 2023-08-20 | 1 | -1/+1
* Avoid uninitialized and unused warnings in contrib/minizip. | Mark Adler | 2023-08-17 | 1 | -1/+7
* Support Haiku in minizip. | Gilles Vollant | 2023-08-03 | 1 | -1/+1
* Fix typos found by codespell in minizip | Dimitri Papadopoulos | 2023-07-29 | 1 | -3/+3
* Remove K&R function definitions from contrib/minizip. | Mark Adler | 2023-04-15 | 1 | -43/+11
* Remove some harmless semicolons in minizip. | Mark Adler | 2022-10-06 | 1 | -1/+1
* Clean up minizip to reduce warnings for testing. | Mark Adler | 2022-01-01 | 1 | -13/+13
    Also fix Makefile test target and permit added compile options.
* Improve portability of contrib/minizip. | Mark Adler | 2021-02-10 | 1 | -5/+4
* zlib 1.2.5.1 (v1.2.5.1) | Mark Adler | 2011-09-11 | 1 | -13/+25
* zlib 1.2.3.9 (v1.2.3.9) | Mark Adler | 2011-09-09 | 1 | -23/+23
* zlib 1.2.3.8 (v1.2.3.8) | Mark Adler | 2011-09-09 | 1 | -4/+4
* zlib 1.2.3.5 (v1.2.3.5) | Mark Adler | 2011-09-09 | 1 | -37/+100
* zlib 1.2.3 (v1.2.3) | Mark Adler | 2011-09-09 | 1 | -585/+585
* zlib 1.2.2.3 (v1.2.2.3) | Mark Adler | 2011-09-09 | 1 | -585/+585
* zlib 1.2.2 (v1.2.2) | Mark Adler | 2011-09-09 | 1 | -2/+2
* zlib 1.2.1.2 (v1.2.1.2) | Mark Adler | 2011-09-09 | 1 | -6/+35
* zlib 1.2.0.6 (v1.2.0.6) | Mark Adler | 2011-09-09 | 1 | -1/+1
* zlib 1.2.0.5 (v1.2.0.5) | Mark Adler | 2011-09-09 | 1 | -556/+556
* zlib 1.2.0.2 (v1.2.0.2) | Mark Adler | 2011-09-09 | 1 | -543/+556
* zlib 1.2.0.1 (v1.2.0.1) | Mark Adler | 2011-09-09 | 1 | -287/+322
* zlib 1.1.2 (v1.1.2) | Mark Adler | 2011-09-09 | 1 | -0/+508