Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libmspack-devel-0.6-lp152.6.3.1 RPM for ppc64le

From OpenSuSE Ports Leap 15.2 updates for ppc64le

Name: libmspack-devel Distribution: openSUSE Leap 15.2
Version: 0.6 Vendor: openSUSE
Release: lp152.6.3.1 Build date: Fri Aug 20 12:13:49 2021
Group: Development/Libraries/C and C++ Build host: obs-power8-05
Size: 89240 Source RPM: libmspack-0.6-lp152.6.3.1.src.rpm
Summary: Static libraries, header files and documentation for libmspack
The libmspack-devel package contains the header files and static
libraries necessary for developing programs using libmspack.






* Wed Jul 14 2021 Danilo Spinella <>
  - There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
    checks, which could lead to denial of service
    (CVE-2018-14679, bsc#1103032)
    * libmspack-CVE-2018-14679.patch
  - Bad KWAJ file header extensions could cause a one or two byte overwrite
    (CVE-2018-14681, bsc#1103032).
    * libmspack-CVE-2018-14681.patch
  - There is an off-by-one error in the TOLOWER() macro for CHM decompression
    (CVE-2018-14682, bsc#1103032).
    * libmspack-CVE-2018-14682.patch
* Mon Nov 04 2019 Kristyna Streitova <>
  - add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
    overflow in chmd_read_headers(): a CHM file name beginning "::"
    but shorter than 33 bytes will lead to reading past the
    freshly-allocated name buffer - checks for specific control
    filenames didn't take length into account [bsc#1141680]
* Fri Mar 29 2019 Marketa Calabkova <>
  - Enable build-time tests (bsc#1130489)
    * Added patch libmspack-failing-tests.patch
* Fri Oct 26 2018 Marketa Calabkova <>
  - Added patches:
    * libmspack-resize-buffer.patch -- CAB block input buffer is one
      byte too small for maximal Quantum block.
    * libmspack-fix-bounds-checking.patch --  Fix off-by-one bounds
      check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
    * libmspack-reject-blank-filenames.patch -- Avoid returning CHM
      file entries that are "blank" because they have embedded null
    * (the last two patches were modified by removing unneeded part
      in order to make them more independent)
  - Fixed bugs:
    * CVE-2018-18584 (bsc#1113038)
    * CVE-2018-18585 (bsc#1113039)
* Fri Jan 19 2018
  - Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018
  - Correct SRPM group.
* Tue Jan 16 2018
  - Fix typo
* Mon Jan 15 2018
  - Update to version 0.6
    * read_spaninfo(): a CHM file can have no ResetTable and have a
    negative length in SpanInfo, which then feeds a negative output
    length to lzxd_init(), which then sets frame_size to a value of
    your choosing, the lower 32 bits of output length, larger than
    LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
    writes data beyond the end of the window.
    This issue was raised by ClamAV as CVE-2017-6419.
    * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
    issue mentioned above, these functions now reject negative lengths
    * cabd_read_string(): add missing error check on result of read().
    If an mspack_system implementation returns an error, it's
    interpreted as a huge positive integer, which leads to reading
    past the end of the stack-based buffer.
    This issue was raised by ClamAV as CVE-2017-11423
  - Add subpackage for helper tools
  - Run spec-cleaner
* Fri Feb 27 2015
  - Remove problematic libmspack-qtmd_decompress-loop.patch
    Version 0.5 has a correct fix dated 2015-01-05.
* Wed Feb 11 2015
  - Update to version 0.5
    * Please read the changelog; too many things to list
* Tue Jan 20 2015
  - Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,



Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 20 23:21:31 2021