app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch - third_party/overlays/portage-stable - Git at Google

 From: Petr Pisar
 Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
 Bug-Debian: https://bugs.debian.org/893525
 X-Debian-version: 1:4.15.2-3

 --- a/src/unshar.c
 +++ b/src/unshar.c
 @@ -240,7 +240,7 @@
        off_t position = ftello (file);

        /* Read next line, fail if no more and no previous process.  */
 -      if (!fgets (rw_buffer, BUFSIZ, file))
 +      if (!fgets (rw_buffer, rw_base_size, file))
  	{
  	  if (!start)
  	    error (0, 0, _("Found no shell commands in %s"), name);
	From: Petr Pisar
	Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
	Bug-Debian: https://bugs.debian.org/893525
	X-Debian-version: 1:4.15.2-3

	--- a/src/unshar.c
	+++ b/src/unshar.c
	@@ -240,7 +240,7 @@
	off_t position = ftello (file);

	/* Read next line, fail if no more and no previous process. */
	- if (!fgets (rw_buffer, BUFSIZ, file))
	+ if (!fgets (rw_buffer, rw_base_size, file))
	{
	if (!start)
	error (0, 0, _("Found no shell commands in %s"), name);