Due to lack of resources we (libarchive) are currently not publishing CVE information. Most of our security fixes are patches for issues discovered by Google's OSS-Fuzz project. These issues are made public 30 days after they have been detected as fixed or 90 days after being discovered.

I can provide links to published issues at OSS-Fuzz.

On 17.06.19 at 14:17, Cy Schubert wrote:
In message <201906171146.x5hbkbcc019...@repo.freebsd.org>, Martin Matuska writes:
Author: mm
Date: Mon Jun 17 11:46:37 2019
New Revision: 349135
URL: https://svnweb.freebsd.org/changeset/base/349135

Log:
   MFV r349134:
   Sync libarchive with vendor.

   Relevant vendor changes:
     PR #1212: RAR5 reader - window_mask was not updated correctly
               (OSS-Fuzz 15278)
     OSS-Fuzz 15120: RAR reader - extend use after free bugfix

Did our upline document a CVE for this?

MFC after: 1 week (together with r348993)

Added:
   head/contrib/libarchive/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
      - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar5_different_window_size.rar.uu
   head/contrib/libarchive/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
      - copied unchanged from r349134, vendor/libarchive/dist/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu
Modified:
   head/contrib/libarchive/libarchive/archive_read_support_format_rar.c
   head/contrib/libarchive/libarchive/archive_read_support_format_rar5.c
   head/contrib/libarchive/libarchive/test/test_read_format_rar.c
   head/contrib/libarchive/libarchive/test/test_read_format_rar5.c
   head/lib/libarchive/tests/Makefile
Directory Properties:
   head/contrib/libarchive/   (props changed)

[...]


_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
