Note there's also an embedded copy of this in pecl-zip (and PHP but we don't build that), but they haven't been tracking libzip upstream; they are stuck with a several-year-old version at present. I don't have time to look into that now.

----- Forwarded message from Stuart Henderson <st...@cvs.openbsd.org> -----

From: Stuart Henderson <st...@cvs.openbsd.org>
Date: Wed, 21 Mar 2012 04:30:22 -0600 (MDT)
To: ports-chan...@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: ports

CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2012/03/21 04:30:22

Modified files:
    archivers/libzip: Makefile distinfo

Log message:
SECURITY update to libzip 0.10.1

CVE-2012-1162 heap overflow on corrupted zip files
CVE-2012-1163 integer overflow

more info at http://www.openwall.com/lists/oss-security/2012/03/21/2

----- End forwarded message -----