note there's also an embedded copy of thise in pecl-zip (and PHP but
we don't build that), but they haven't been tracking libzip upstream,
they are stuck with a several-year-old version at present. I don't have
time to look into that now.
----- Forwarded message from Stuart Henderson <st...@cvs.openbsd.org> -----
From: Stuart Henderson <st...@cvs.openbsd.org>
Date: Wed, 21 Mar 2012 04:30:22 -0600 (MDT)
To: ports-chan...@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: ports
CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2012/03/21 04:30:22
Modified files:
archivers/libzip: Makefile distinfo
Log message:
SECURITY update to libzip 0.10.1
CVE-2012-1162 heap overflow on corrupted zip files
CVE-2012-1163 integer overflow
more info at http://www.openwall.com/lists/oss-security/2012/03/21/2
----- End forwarded message -----
