Opened 4 years ago
Closed 4 years ago
#15449 closed enhancement (fixed)
advisory for libarchive-3.5.2
| Reported by: | Bruce Dubbs | Owned by: | Xi Ruoyao |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (7)
comment:1 by , 4 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 4 years ago
Full release notes:
Libarchive 3.5.2 is a feature and security release.
New minor features:
CPIO: Support for PWB and v7 binary cpio formats (#1502)
ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)
Important Security Fixes:
fix handling of symbolic link ACLs on Linux (#1565)
never follow symlinks when setting file flags on Linux (e2ad1a2)
do not follow symlinks when processing the fixup list (#1566)
Important Bugfixes:
fix extraction of hardlinks to symlinks (#1044)
7zip reader and writer fixes (#1480, #1532)
RAR reader fixes (#1504, #1521)
ZIP reader: fix excessive read for padded zip (#1514)
CAB reader: fix double free (#1520)
handle short writes from archive_write_callback (#1530)
comment:5 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
Take it, because it's necessary for tagging UEFI related stuff.
comment:6 by , 4 years ago
| Summary: | libarchive-3.5.2 → advisory for libarchive-3.5.2 |
|---|
Updated at caca8cd54542161caacbbb2a6e750b48e5cad862. Advisory later.
Note:
See TracTickets
for help on using tickets.
Similar to libgcrypt, this one appears to have security fixes in it as well. Not sure on any CVEs though.
Important Security Fixes: fix handling of symbolic link ACLs on Linux (#1565) never follow symlinks when setting file flags on Linux (e2ad1a2) do not follow symlinks when processing the fixup list (#1566)I've omitted the rest of the notes.