From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
 See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
 EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
 static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n";
 # if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
 ebID = makeword(ef);
 ebLen = (unsigned)makeword(ef+EB_LEN);
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
 /* Discovered some extra field inconsistency! */
 if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
 ebLen, (ef_len - EB_HEADSIZE)));
 return PK_ERR;
 }
+ else if (ebLen < EB_HEADSIZE)
+ {
+ /* Extra block length smaller than header length. */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+ FnFilter1(G.filename)));
+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+ ebLen, EB_HEADSIZE));
+ return PK_ERR;
+ }
 switch (ebID) { case EF_OS2:
'committer'>committer
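Review bot: The new `else if (ebLen < EB_HEADSIZE)` test in the last hunk compares a payload length with the header size, so it rejects every extra-field block whose data is shorter than `EB_HEADSIZE` bytes, whatever its ID, before `switch (ebID)` is reached. `ebLen` comes from `makeword(ef+EB_LEN)` and the preceding check bounds it by `ef_len - EB_HEADSIZE`, which indicates it counts only the bytes after the block header; a short or empty payload is then well-formed, and archives carrying such fields would presumably fail with `PK_ERR`. The minimum-length requirement presumably belongs to the handlers that read a fixed-size prefix from the block data for the CRC verification, so I would move the test into those `case` arms and compare against the prefix size they actually read, with a comment such as `/* ebLen is the payload size, excluding the EB_HEADSIZE-byte block header */`. The `switch` body and the enclosing function lie outside the hunk, so which arms need the guard has to be confirmed there.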
2019-07-08gnu: bdb: Add 4.8.30....* gnu/packages/dbm.scm (bdb-4.8): New variable. [arguments]: Configure and build from 'build_unix' directory as mentioned in documentation. (bdb-5.3): Inherit from bdb-4.8. (bdb-6): Inherit from bdb-4.8. (bdb): Point to bdb-6. Carl Dong
2019-02-11gnu: gdbm: Update to 1.18.1....* gnu/packages/dbm.scm (gdbm): Update to 1.18.1. Marius Bakke
2019-01-16gnu: Move dbm databases to new module....* gnu/packages/databases.scm (gdbm, bdb, bdb-5.3): Move from here... * gnu/packages/dbm.scm: ...to this new module. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/packages/audio.scm, gnu/packages/avahi.scm, gnu/packages/backup.scm, gnu/packages/cobol.scm, gnu/packages/cyrus-sasl.scm, gnu/packages/databases.scm, gnu/packages/finance.scm, gnu/packages/game-development.scm, gnu/packages/gnome.scm, gnu/packages/guile.scm, gnu/packages/ibus.scm, gnu/packages/kerberos.scm, gnu/packages/linux.scm, gnu/packages/mail.scm, gnu/packages/man.scm, gnu/packages/nvi.scm, gnu/packages/openldap.scm, gnu/packages/package-management.scm, gnu/packages/php.scm, gnu/packages/pulseaudio.scm, gnu/packages/python.scm, gnu/packages/rdf.scm, gnu/packages/ruby.scm, gnu/packages/sawfish.scm: Update module references. Ricardo Wurmus