apt/apt-pkg/deb/debfile.cc, branch 2.1.16

apt/apt-pkg/deb/debfile.cc, branch 2.1.16 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.16 2020-12-09T16:30:43Z CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiB 2020-12-09T16:30:43Z Julian Andres Klode julian.klode@canonical.com 2020-12-05T19:17:56Z urn:sha1:0444f9dd52c2bc7bec315f6f1ecad76a30713fa0 Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes. Merge libapt-inst into libapt-pkg 2019-05-06T10:14:04Z Julian Andres Klode julian.klode@canonical.com 2019-05-06T09:40:08Z urn:sha1:dfe2511e31f232a8a8880eba40af40d1deb0e49c