Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#16393 closed enhancement (fixed)

libarchive-3.6.1

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 11.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Xi Ruoyao, 2 years ago

The sed should be dropped. It still applies but the upstream fixed the issue with a different way: https://github.com/libarchive/libarchive/pull/1717

Last edited 2 years ago by Xi Ruoyao (previous) (diff)

comment:2 by Bruce Dubbs, 2 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:3 by Bruce Dubbs, 2 years ago

Libarchive 3.6.1 is a bugfix and security release.

Security fixes:

  • 7zip reader: fix PPMD read beyond boundary
  • ZIP reader: fix possible out of bounds read
  • ISO reader: fix possible heap buffer overflow in read_children()
  • RARv4 reader: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
  • fix heap use after free in archive_read_format_rar_read_data()
  • fix null dereference in read_data_compressed()
  • fix heap user after free in run_filters()

comment:4 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at commit 

c11e38d10d Update to xclock-1.1.1.
cc519e4394 Update to libarchive-3.6.1.
7bea54aff0 Update to XML-LibXSLT-2,000000 (Perl module).
5155c4db78 libusb-1.0.26.
5a1049aa68 Update to umockdev-0.17.9.

comment:5 by Douglas R. Reno, 2 years ago

SA-11.1-026 issued

Note: See TracTickets for help on using tickets.