Sat, 28 Apr 2018 10:09:12 -0400 mpatch: ensure fragment start isn't past the end of orig (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 10:09:12 -0400] rev 38189
mpatch: ensure fragment start isn't past the end of orig (SEC) Caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0004. A CVE has not been obtained as of this writing.
Sat, 28 Apr 2018 02:04:56 -0400 mpatch: protect against underflow in mpatch_apply (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 02:04:56 -0400] rev 38188
mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing.
Sat, 28 Apr 2018 00:42:16 -0400 mpatch: be more careful about parsing binary patch data (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 00:42:16 -0400] rev 38187
mpatch: be more careful about parsing binary patch data (SEC) It appears to have been possible to trivially walk off the end of an allocated region with a malformed patch. Oops. Caught when writing an mpatch fuzzer for oss-fuzz. This defect is OVE-20180430-0001. A CVE has not been obtained as of this writing.
Wed, 06 Jun 2018 09:14:33 -0700 zstandard: pull in bug fixes from upstream 0.9.1 release (issue5884) stable
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 06 Jun 2018 09:14:33 -0700] rev 38186
zstandard: pull in bug fixes from upstream 0.9.1 release (issue5884) This changeset contains the meaningful code changes from python-zstandard's 0.9.1 release. The main fix is to restore support for compiling with mingw.
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -4 +4 +10 +30 +100 +300 +1000 +3000 +10000 tip