From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722

--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
+        else if (ebLen < EB_HEADSIZE)
+        {
+            /* Extra block length smaller than header length. */
+            if (uO.qflag)
+                Info(slide, 1, ((char *)slide, "%-22s ",
+                  FnFilter1(G.filename)));
+            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+              ebLen, EB_HEADSIZE));
+            return PK_ERR;
+        }
 
         switch (ebID) {
             case EF_OS2:
ter'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=e94d63d49e134932eeefe21c09e4d25bc829f59b'>root</a>/<a href='/guix/log/gnu?id=e94d63d49e134932eeefe21c09e4d25bc829f59b'>gnu</a>/<a href='/guix/log/gnu/build?id=e94d63d49e134932eeefe21c09e4d25bc829f59b'>build</a>/<a href='/guix/log/gnu/build/image.scm?id=e94d63d49e134932eeefe21c09e4d25bc829f59b'>image.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/build/image.scm?id=e94d63d49e134932eeefe21c09e4d25bc829f59b&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-08-30 19:29:58 +0200'>2022-08-30</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=192b7d0c0b0958d6c87df6084a644e0c7eca2ec0'>build: image: Make partition uuid optional.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-08-30 19:29:58 +0200'>2022-08-30</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=61bbff9d5015d0f60ad68f1814e0a0b0ea0592b8'>build: image: Remove unused variable.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2022-06-24 10:21:06 +0200'>2022-06-24</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=62c86c8391ceb8953ca972498fd75ea9298b85ff'>image: Add support for 32bit UEFI.</a><span class='msg-avail'>...</span></td><td>Denis 'GNUtoo' Carikli</td></tr>
<tr><td><span title='2022-05-31 14:51:13 +0200'>2022-05-31</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=8b680b00d49bdd1064918ffd221ffbcc11ba902a'>image: Add fat32 support.</a><span class='msg-avail'>...</span></td><td>Pavel Shlyak</td></tr>
<tr><td><span title='2022-05-23 09:17:12 +0200'>2022-05-23</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=bb662d71e6e3db69114645d690bc033c5ffa1ac5'>image: Add bootable flag support.</a><span class='msg-avail'>...</span></td><td>Pavel Shlyak</td></tr>
<tr><td><span title='2022-02-07 16:22:37 -0500'>2022-02-07</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=472680a28d83f79935bd526db6ed7ed39cdd9198'>build: image: Account for fixed-size file system structures.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2021-12-23 10:53:59 +0100'>2021-12-23</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=cc4e8a84f4d5d8861c9445ec7e4a75b59d50d3db'>build: image: Add optional closure copy support.</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2021-08-15 14:15:37 -0400'>2021-08-15</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=94551439074f804f35970b08435aa02007edfb0b'>Update copyright/name notices for Christine Lemmer-Webber.</a><span class='msg-avail'>...</span></td><td>Christopher Lemmer Webber</td></tr>
<tr><td><span title='2021-04-21 08:30:32 -0700'>2021-04-21</span></td><td><a href='/guix/commit/gnu/build/image.scm?id=65b86c71ca305b3953cdbe4ad0cf805f86083870'>image: Fix spelling of "evaluate"</a><span class='msg-avail'>...</span></td><td>Vagrant Cascadian</td></tr>

Age	Commit message (Expand)	Author
2022-08-30	build: image: Make partition uuid optional....	Mathieu Othacehe
2022-08-30	build: image: Remove unused variable....	Mathieu Othacehe
2022-06-24	image: Add support for 32bit UEFI....	Denis 'GNUtoo' Carikli
2022-05-31	image: Add fat32 support....	Pavel Shlyak
2022-05-23	image: Add bootable flag support....	Pavel Shlyak
2022-02-07	build: image: Account for fixed-size file system structures....	Tobias Geerinckx-Rice
2021-12-23	build: image: Add optional closure copy support....	Mathieu Othacehe
2021-08-15	Update copyright/name notices for Christine Lemmer-Webber....	Christopher Lemmer Webber
2021-04-21	image: Fix spelling of "evaluate"...	Vagrant Cascadian