Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
netcdf.28369
Fix-for-CVE-2019-20200-ezxml-bug-19.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Fix-for-CVE-2019-20200-ezxml-bug-19.patch of Package netcdf.28369
From: Egbert Eich <eich@suse.com> Date: Mon Oct 25 15:38:22 2021 +0200 Subject: Fix for CVE-2019-20200 / ezxml bug 19 Patch-mainline: Not yet Git-commit: 32a3f6119de4c954ee9c967f47cbc27fef4f487f References: Make sure to not read past end of string after deleting '\r'. This fixes https://sourceforge.net/p/ezxml/bugs/19/ Signed-off-by: Egbert Eich <eich@suse.com> --- netcdf-c-4.8.0/libdap4/ezxml.c | 1 + 1 file changed, 1 insertion(+) diff --git a/netcdf-c-4.8.0/libdap4/ezxml.c b/netcdf-c-4.8.0/libdap4/ezxml.c index fff5bd2..01ac012 100644 --- a/libdap4/ezxml.c +++ b/libdap4/ezxml.c @@ -167,6 +167,7 @@ char *ezxml_decode(char *s, char **ent, char t) *(s++) = '\n'; if (*s == '\n') memmove(s, (s + 1), strlen(s)); } + if (!*s) break; // bug#19 / CVE-2019-20200 } for (s = r; ; ) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor