Opened 4 months ago

Closed 3 months ago

#15449 closed enhancement (fixed)

advisory for libarchive-3.5.2

Reported by: Bruce Dubbs Owned by: Xi Ruoyao
Priority: elevated Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (7)

comment:1 by Douglas R. Reno, 4 months ago

Priority: normalelevated

Similar to libgcrypt, this one appears to have security fixes in it as well. Not sure on any CVEs though.

Important Security Fixes:

    fix handling of symbolic link ACLs on Linux (#1565)
    never follow symlinks when setting file flags on Linux (e2ad1a2)
    do not follow symlinks when processing the fixup list (#1566)

I've omitted the rest of the notes.

comment:2 by Douglas R. Reno, 3 months ago

Milestone: 11.111.0

Promote back to 11.0.

comment:3 by pierre, 3 months ago

Owner: changed from blfs-book to pierre
Status: newassigned

comment:4 by pierre, 3 months ago

Full release notes:

Libarchive 3.5.2 is a feature and security release.

New minor features:

    CPIO: Support for PWB and v7 binary cpio formats (#1502)
    ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)

Important Security Fixes:

    fix handling of symbolic link ACLs on Linux (#1565)
    never follow symlinks when setting file flags on Linux (e2ad1a2)
    do not follow symlinks when processing the fixup list (#1566)

Important Bugfixes:

    fix extraction of hardlinks to symlinks (#1044)
    7zip reader and writer fixes (#1480, #1532)
    RAR reader fixes (#1504, #1521)
    ZIP reader: fix excessive read for padded zip (#1514)
    CAB reader: fix double free (#1520)
    handle short writes from archive_write_callback (#1530)

comment:5 by Xi Ruoyao, 3 months ago

Owner: changed from pierre to Xi Ruoyao
Status: assignednew

Take it, because it's necessary for tagging UEFI related stuff.

comment:6 by Xi Ruoyao, 3 months ago

Summary: libarchive-3.5.2advisory for libarchive-3.5.2

Updated at caca8cd54542161caacbbb2a6e750b48e5cad862. Advisory later.

comment:7 by Xi Ruoyao, 3 months ago

Resolution: fixed
Status: newclosed

SA-10.1-100 added.

Note: See TracTickets for help on using tickets.