Hello community, here is the log from the commit of package p7zip for openSUSE:Factory checked in at 2016-11-29 12:48:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/p7zip (Old) and /work/SRC/openSUSE:Factory/.p7zip.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "p7zip" Changes: --------
--- /work/SRC/openSUSE:Factory/p7zip/p7zip.changes 2016-07-21 07:54:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.p7zip.new/p7zip.changes 2016-11-29 12:48:12.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Nov 24 15:16:47 UTC 2016 - idonmez@suse.com
+
+- Add CVE-2016-9296.patch to fix a null pointer dereference
+ problem (CVE-2016-9296)
+
+-------------------------------------------------------------------
New: ---- CVE-2016-9296.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ p7zip.spec ++++++
--- /var/tmp/diff_new_pack.D7aF5c/_old 2016-11-29 12:48:13.000000000 +0100
+++ /var/tmp/diff_new_pack.D7aF5c/_new 2016-11-29 12:48:13.000000000 +0100
@@ -27,6 +27,7 @@
 Group: Productivity/Archiving/Compression
 Url: http://p7zip.sourceforge.net/
 Source: http://downloads.sourceforge.net/project/p7zip/p7zip/%{version}/p7zip_%{version}_src_all.tar.bz2
+Patch1: CVE-2016-9296.patch
 BuildRequires: gcc-c++
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %if %{with buildgui}
@@ -69,6 +70,7 @@
 %prep
 %setup -q -n %{name}_%{version}
+%patch1 -p1
 %ifarch x86_64
 cp makefile.linux_amd64_asm makefile.machine
++++++ CVE-2016-9296.patch ++++++
Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
===================================================================
--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp
+++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,7 +1097,10 @@ HRESULT CInArchive::ReadAndDecodePackedS
 if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
 ThrowIncorrect();
 }
- HeadersSize += folders.PackPositions[folders.NumPackStreams];
+
+ if (folders.PackPositions)
+ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+
 return S_OK;
 }
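Review bot: The new guard at the tail of ReadAndDecodePackedStreams only checks that `folders.PackPositions` is non-null; the index `folders.NumPackStreams` is still used unchecked. The fix is therefore complete only if the header parser always allocates NumPackStreams + 1 entries whenever it allocates the array. That code is outside this hunk, as is the start of the function, so it is worth confirming before relying on the patch. When the pointer is null, HeadersSize is silently left unchanged; if that state can only arise from a malformed header, `ThrowIncorrect();` as in the CRC check just above may be the stricter choice, though an archive with no pack streams might legitimately reach this point. A one-line comment on the guard would help, for example `// PackPositions may be unallocated when the header carries no pack info; see CVE-2016-9296`, worded to match what the parser actually does.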